52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher# SOME DESCRIPTIVE TITLE
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher# Copyright (C) YEAR Red Hat
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher# This file is distributed under the same license as the sssd-docs package.
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek# Tadashi Jokagi <elf@poyo.jp>, 2012
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek# Tomoyuki KATO <tomo@dream.daynight.jp>, 2012-2013
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek# carrotsoft <www.carrotsoft@gmail.com>, 2012
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Project-Id-Version: sssd-docs 1.15.3\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"POT-Creation-Date: 2018-03-09 12:30+0100\n"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"PO-Revision-Date: 2014-12-14 11:59-0500\n"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Language: ja\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"MIME-Version: 1.0\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Content-Type: text/plain; charset=UTF-8\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Content-Transfer-Encoding: 8bit\n"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"Plural-Forms: nplurals=1; plural=0;\n"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"X-Generator: Zanata 3.9.6\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sss_useradd.8.xml:5
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 sss_userdel.8.xml:5
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 sss_usermod.8.xml:5
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "SSSD Manual pages"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "SSSD マニュアル ページ"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sss_groupmod"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sss_groupmod"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refmeta><manvolnum>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#: sss_groupmod.8.xml:11 pam_sss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "modify a group"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "グループを変更します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:57
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sss_useradd.8.xml:30
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "DESCRIPTION"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_groupmod</command> modifies the group to reflect the changes "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"that are specified on the command line."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_groupmod</command> はコマンドラインにおいて指定された変更を反映"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"するようグループを変更します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "OPTIONS"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Append this group to groups specified by the <replaceable>GROUPS</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"a comma separated list of group names."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"このグループを <replaceable>GROUPS</replaceable> パラメーターにより指定された"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"グループに追加します。 <replaceable>GROUPS</replaceable> パラメーターはグルー"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"プ名のカンマ区切り一覧です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Remove this group from groups specified by the <replaceable>GROUPS</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> parameter."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"このグループを <replaceable>GROUPS</replaceable> パラメーターにより指定された"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refmeta><manvolnum>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "File Formats and Conventions"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ファイル形式および規約"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "the configuration file for SSSD"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "SSSD の設定ファイル"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "FILE FORMAT"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ファイルフォーマット"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<replaceable>[section]</replaceable>\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The file has an ini-style syntax and consists of sections and parameters. A "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"section begins with the name of the section in square brackets and continues "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"until the next section begins. An example of section with single and multi-"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ファイルは ini 形式の構文を持ち、セクションとパラメーターから構成されます。セ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"クションは角括弧にあるセクション名から始まり、次のセクションが始まるまで続き"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ます。 1 つセクションと複数の値を持つパラメーターの例: <placeholder type="
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"\"programlisting\" id=\"0\"/>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The data types used are string (no quotes needed), integer and bool (with "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"values of <quote>TRUE/FALSE</quote>)."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"使用されるデータ形式は、文字列(引用符は不要)、整数および論理値"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"(<quote>TRUE/FALSE</quote> の値)です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"(<quote>;</quote>). Inline comments are not supported."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"All sections can have an optional <replaceable>description</replaceable> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"parameter. Its function is only as a label for the section."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"すべてのセクションはオプションの <replaceable>description</replaceable> パラ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"メーターを持てます。その機能はセクションのラベルとしてのみです。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<filename>sssd.conf</filename> must be a regular file, owned by root and "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"only root may read from or write to the file."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<filename>sssd.conf</filename> は、root により所有され、root のみが読み書きで"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"きる、通常のファイルである必要があります。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozekmsgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"The configuration file <filename>sssd.conf</filename> will include "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"configuration snippets using the include directory <filename>conf.d</"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"filename>. This feature is available if SSSD was compiled with libini "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"version 1.3.0 or later."
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"Any file placed in <filename>conf.d</filename> that ends in "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"<quote><filename>.conf</filename></quote> and does not begin with a dot "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"to configure SSSD."
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"The configuration snippets from <filename>conf.d</filename> have higher "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"priority than <filename>sssd.conf</filename> and will override "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"<filename>sssd.conf</filename> when conflicts occur. If several snippets are "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"present in <filename>conf.d</filename>, then they are included in "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"alphabetical order (based on locale). Files included later have higher "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"<filename>02_snippet.conf</filename> etc.) can help visualize the priority "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"(higher number means higher priority)."
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"The snippet files require the same owner and permissions as <filename>sssd."
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"conf</filename>. Which are by default root:root and 0600."
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "GENERAL OPTIONS"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Following options are usable in more than one configuration sections."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Options usable in all sections"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "debug_level (integer)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "debug_level (整数)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "debug (integer)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"are specified, the value of <replaceable>debug_level</replaceable> will be "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "debug_timestamps (bool)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "debug_timestamps (論理値)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Add a timestamp to the debug messages. If journald is enabled for SSSD "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"debug logging this option is ignored."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Default: true"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "初期値: true"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "debug_microseconds (bool)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "debug_microseconds (論理値)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Add microseconds to the timestamp in debug messages. If journald is enabled "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"for SSSD debug logging this option is ignored."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Default: false"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "初期値: false"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2373
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "<placeholder type=\"variablelist\" id=\"0\"/>"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Options usable in SERVICE and DOMAIN sections"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "timeout (integer)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "timeout (整数)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Timeout in seconds between heartbeats for this service. This is used to "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"ensure that the process is alive and capable of answering requests. Note "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"that after three missed heartbeats the process will terminate itself."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Default: 10"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "初期値: 10"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "SPECIAL SECTIONS"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "特別セクション"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The [sssd] section"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "[sssd] セクション"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Section parameters"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "セクションのパラメーター"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "config_file_version (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "config_file_version (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"設定ファイルの構文が何であるかを指示します。SSSD 0.6.0 およびそれ以降はバー"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ジョン 2 を使用します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "services"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "services"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Comma separated list of services that are started when sssd itself starts. "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<phrase condition=\"have_systemd\"> The services' list is optional on "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"platforms where systemd is supported, as they will either be socket or D-Bus "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"activated when needed. </phrase>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<phrase condition=\"have_systemd\"> By default, all services are disabled "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"and the administrator must enable the ones allowed to be used by executing: "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"\"systemctl enable sssd-@service@.socket\". </phrase>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "reconnection_retries (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "reconnection_retries (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Number of times services should attempt to reconnect in the event of a Data "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Provider crash or restart before they give up"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"データプロバイダーがクラッシュまたは再起動した場合、サービスが再接続をあきら"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"める前に試行する回数です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 3"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 3"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "domains"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "domains"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"A domain is a database containing user information. SSSD can use more "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"domains at the same time, but at least one must be configured or SSSD won't "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"start. This parameter describes the list of domains in the order you want "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"them to be queried. A domain name should only consist of alphanumeric ASCII "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"characters, dashes, dots and underscores."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "re_expression (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "re_expression (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"Default regular expression that describes how to parse the string containing "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"user name and domain into these components."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"Each domain can have an individual regular expression configured. For some "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"ID providers there are also default regular expressions. See DOMAIN SECTIONS "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"for more info on these regular expressions."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "full_name_format (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "full_name_format (文字列)"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"manvolnum> </citerefentry>-compatible format that describes how to compose a "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"fully qualified name from user name and domain name components."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"ユーザー名とドメイン名のコンポーネントから完全修飾名を表現する方法を表す "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"manvolnum> </citerefentry> 互換形式。"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "%1$s"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozekmsgid "user name"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "ユーザー名"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "%2$s"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozekmsgid "domain name as specified in the SSSD config file."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "SSSD 設定ファイルにおいて指定されるドメイン名。"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "%3$s"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"domain flat name. Mostly usable for Active Directory domains, both directly "
0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek"configured or discovered via IPA trusts."
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"The following expansions are supported: <placeholder type=\"variablelist\" "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"Each domain can have an individual format string configured. See DOMAIN "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"SECTIONS for more info on this option."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "try_inotify (boolean)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "try_inotify (論理値)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"SSSD monitors the state of resolv.conf to identify when it needs to update "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"its internal DNS resolver. By default, we will attempt to use inotify for "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"this, and will fall back to polling resolv.conf every five seconds if "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"inotify cannot be used."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"SSSD は、内部 DNS リゾルバーを更新する必要となるときを認識するために、resolv."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"conf の状態を監視します。初期状態では、このために inotify を使用しようとしま"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"す。inotify が使用できない場合 5 秒ごとに resolv.conf をポーリングするよう"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"There are some limited situations where it is preferred that we should skip "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"even trying to use inotify. In these rare cases, this option should be set to 'false'."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"inotify を使用することをスキップすることが望ましい、いくつかの制限された状況"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"があります。これらの珍しい場合では、このオプションが 'false' に設定されるべき"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Default: true on platforms where inotify is supported. False on other platforms."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"初期値: inotify がサポートされるプラットフォームにおいては真です。他のプラッ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"トフォームにおいては偽です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Note: this option will have no effect on platforms where inotify is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"unavailable. On these platforms, polling will always be used."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"注: このオプションは inotify が利用不可能なプラットフォームにおいて効果があり"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ません。これらのプラットフォームにおいては、ポーリングが常に使用されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_rcache_dir (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "krb5_rcache_dir (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Directory on the filesystem where SSSD should store Kerberos replay cache files."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレ"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"SSSD to let libkrb5 decide the appropriate location for the replay cache."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"このオプションは、libkrb5 がリプレイキャッシュに対する適切な場所を決められる"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"よう SSSD に指示する、特別な値 __LIBKRB5_DEFAULTS__ を受け付けます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Default: Distribution-specific and specified at build-time. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"(__LIBKRB5_DEFAULTS__ if not configured)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"初期値: ディストリビューション固有かつ構築時に指定されます。 (設定されていな"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ければ __LIBKRB5_DEFAULTS__ です)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "user (string)"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"The user to drop the privileges to where appropriate to avoid running as the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"root user. <phrase condition=\"have_systemd\"> This option does not work "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"when running socket-activated services, as the user set up to run the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"processes is set up during compilation time. The way to override the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"systemd unit files is by creating the appropriate files in /etc/systemd/"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"system/. Keep in mind that any change in the socket user, group or "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"permissions may result in a non-usable SSSD. The same may occur in case of "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"changes of the user running the NSS responder. </phrase>"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "Default: not set, process will run as root"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "default_domain_suffix (string)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "default_domain_suffix (文字列)"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"This string will be used as a default domain name for all names without a "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"domain name component. The main use case is environments where the primary "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"domain is intended for managing host policies and all users are located in a "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"trusted domain. The option allows those users to log in just with their "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"user name without giving a domain name as well."
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"Please note that if this option is set all users from the primary domain "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"have to use their fully qualified name, e.g. user@domain.name, to log in. "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Setting this option changes default of use_fully_qualified_names to True. It "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"is not allowed to use this option together with use_fully_qualified_names "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"set to False."
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "Default: not set"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgstr "初期値: 設定されません"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "override_space (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"This parameter will replace spaces (space bar) with the given character for "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"&quot;john_doe&quot;. This feature was added to help compatibility with shell "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"scripts that have difficulty handling spaces, due to the default field "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"separator in the shell."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Please note it is a configuration error to use a replacement character that "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"might be used in user or group names. If a name contains the replacement "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"character SSSD tries to return the unmodified name but in general the result "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"of a lookup is undefined."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Default: not set (spaces will not be replaced)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "certificate_verification (string)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "no_ocsp"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"needed if the OCSP servers defined in the certificate are not reachable from "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"the client."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "no_verification"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Disables verification completely. This option should only be used for testing."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ocsp_default_responder=URL"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Sets the OCSP default responder which should be used instead of the one "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"default responder e.g. http://example.com:80/ocsp."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"This option must be used together with ocsp_default_responder_signing_cert."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ocsp_default_responder_signing_cert=NAME"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"The nickname of the cert to trust (expected) to sign the OCSP responses. "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The certificate with the given nickname must be available in the system's NSS database."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "This option must be used together with ocsp_default_responder."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"With this parameter the certificate verification can be tuned with a comma "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"separated list of options. Supported options are: <placeholder type="
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"\"variablelist\" id=\"0\"/>"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Unknown options are reported but ignored."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozekmsgid "Default: not set, i.e. do not restrict certificate verification"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "disable_netlink (boolean)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"SSSD hooks into the netlink interface to monitor changes to routes, "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"addresses, links and trigger certain actions."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The SSSD state changes caused by netlink events may be undesirable and can "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"be disabled by setting this option to 'true'"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Default: false (netlink changes are detected)"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozekmsgid "enable_files_domain (boolean)"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"When this option is enabled, SSSD prepends an implicit domain with "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"<quote>id_provider=files</quote> before any explicitly configured domains."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "domain_resolution_order"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Comma separated list of domains and subdomains representing the lookup order "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"that will be followed. The list doesn't have to include all possible "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"domains as the missing domains will be looked up based on the order they're "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"presented in the <quote>domains</quote> configuration option. The "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"subdomains which are not listed as part of <quote>lookup_order</quote> will "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"be looked up in a random order for each parent domain."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Please, note that when this option is set the output format of all commands "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"is always fully-qualified even when using short names for input. In case "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the administrator wants the output not fully-qualified, the full_name_format "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"However, keep in mind that during login, login applications often "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"shortname is returned for a qualified input (while trying to reach a user "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"which exists in multiple domains) might re-route the login attempt into the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"domain which uses shortnames, making this workaround totally not "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"recommended in cases where usernames may overlap between domains."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Default: Not set"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Individual pieces of SSSD functionality are provided by special SSSD "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"services that are started and stopped together with SSSD. The services are "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"managed by a special service frequently called <quote>monitor</quote>. The "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>[sssd]</quote> section is used to configure the monitor as well as "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"some other important options like the identity domains. <placeholder type="
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"\"variablelist\" id=\"0\"/>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"SSSD の機能の各部分は SSSD と一緒に開始および停止される特別な SSSD サービスに"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"より提供されます。特別なサービスにより管理されるサービスはよく<quote>モニター"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"</quote>と呼ばれます。<quote>[sssd]</quote> セクションは、モニターだけでな"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"く、識別ドメインのような他の重要なオプションを設定するために使用されます。 "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<placeholder type=\"variablelist\" id=\"0\"/>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "SERVICES SECTIONS"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "サービスセクション"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Settings that can be used to configure different services are described in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"section, for example, for NSS service, the section would be <quote>[nss]</quote>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"異なるサービスを設定するために使用される設定がこのセクションに記述されます。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"それらは [<replaceable>$NAME</replaceable>] セクションに置かれます。たとえ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ば、NSS サービスは <quote>[nss]</quote> セクションです"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "General service configuration options"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "サービス設定の全体オプション"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "These options can be used to configure any service."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "これらのオプションはすべてのサービスを設定するために使用できます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "fd_limit"
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozekmsgstr "fd_limit"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"This option specifies the maximum number of file descriptors that may be "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"opened at one time by this SSSD process. On systems where SSSD is granted "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"systems without this capability, the resulting value will be the lower value "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"of this or the limits.conf \"hard\" limit."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "Default: 8192 (or limits.conf \"hard\" limit)"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "client_idle_timeout"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "client_idle_timeout"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"This option specifies the number of seconds that a client of an SSSD process "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"can hold onto a file descriptor without communicating on it. This value is "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"limited in order to avoid resource exhaustion on the system. The timeout "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"can't be shorter than 10 seconds. If a lower value is configured, it will be "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"adjusted to 10 seconds."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "Default: 60"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "初期値: 60"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "offline_timeout (integer)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"When SSSD switches to offline mode the amount of time before it tries to go "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"back online will increase based upon the time spent disconnected. This "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"value is in seconds and calculated by the following:"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "offline_timeout + random_offset"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"The random offset can increment up to 30 seconds. After each unsuccessful "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"attempt to go online, the new interval is recalculated by the following:"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "new_interval = old_interval*2 + random_offset"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Note that the maximum length of each interval is currently limited to one "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"hour. If the calculated length of new_interval is greater than an hour, it "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"will be forced to one hour."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "responder_idle_timeout"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"This option specifies the number of seconds that an SSSD responder process "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"can be up without being used. This value is limited in order to avoid "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"resource exhaustion on the system. The minimum acceptable value for this "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"option is 60 seconds. Setting this option to 0 (zero) means that no timeout "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"will be set up for the responder. This option only has effect when SSSD is "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"built with systemd support and when services are either socket or D-Bus "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "Default: 300"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgstr "初期値: 300"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "cache_first"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"This option specifies whether the responder should query all caches before "
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"querying the Data Providers."
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "NSS configuration options"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "NSS 設定オプション"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"These options can be used to configure the Name Service Switch (NSS) service."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"これらのオプションは Name Service Switch (NSS) サービスを設定するために使用で"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "enum_cache_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "enum_cache_timeout (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"How many seconds should nss_sss cache enumerations (requests for info about "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"nss_sss が列挙をキャッシュする秒数です(すべてのユーザーに関する情報に対する"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 120"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 120"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "entry_cache_nowait_percentage (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "entry_cache_nowait_percentage (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The entry cache can be set to automatically update entries in the background "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"if they are requested beyond a percentage of the entry_cache_timeout value "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"for the domain."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"エントリーキャッシュは、ドメインに対して entry_cache_timeout の値を超えて要求"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"された場合に、バックグラウンドでエントリーを自動的に更新するよう設定できま"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For example, if the domain's entry_cache_timeout is set to 30s and "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"after 15 seconds past the last cache update will be returned immediately, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"but the SSSD will go and update the cache on its own, so that future "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"requests will not need to block waiting for a cache update."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"たとえば、ドメインの entry_cache_timeout が 30s に設定され、"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"entry_cache_nowait_percentage が 50 (%) に設定されていると、エントリーが 15 "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"秒経過後にきて、最新の更新キャッシュが直ちに返されます。しかし、SSSD が自身に"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"キャッシュされ、更新されます。そのため、その先の要求はキャッシュ更新を待つこ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"とをブロックする必要がありません。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Valid values for this option are 0-99 and represent a percentage of the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"entry_cache_timeout for each domain. For performance reasons, this "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"percentage will never reduce the nowait timeout to less than 10 seconds. (0 "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"disables this feature)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"このオプションに対して有効な値は 0-99 です。各ドメインに対する "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"entry_cache_timeout のパーセンテージを表します。性能上の理由から、このパーセ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ンテージは nowait タイムアウトを 10 秒未満に減らすことはありません。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"(0 はこの機能を無効にします)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 50"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 50"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "entry_negative_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "entry_negative_timeout (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies for how many seconds nss_sss should cache negative cache hits "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"(that is, queries for invalid database entries, like nonexistent ones) "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"before asking the back end again."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"nss_sss が再びバックエンドに問い合わせる前にネガティブキャッシュヒット(つま"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"り、存在しないもののように、無効なデータベースエントリーに対する問い合わ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"せ)をキャッシュする秒数を指定します。"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 15"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 15"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "local_negative_timeout (integer)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Specifies for how many seconds nss_sss should keep local users and groups in "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"negative cache before trying to look them up in the back end again."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Default: 0"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgstr "初期値: 0"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "filter_users, filter_groups (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "filter_users, filter_groups (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Exclude certain users or groups from being fetched from the sss NSS "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"database. This is particularly useful for system accounts. This option can "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"also be set per-domain or include fully-qualified names to filter only users "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"from the particular domain."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"NOTE: The filter_groups option doesn't affect inheritance of nested group "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"members, since filtering happens after they are propagated for returning via "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"NSS. E.g. a group having a member group filtered out will still have the "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"member users of the latter listed."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: root"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: root"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "filter_users_in_groups (bool)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "filter_users_in_groups (論理値)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If you want filtered users to still be group members, set this option to false."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"フィルターされたユーザーがまだグループメンバーのままにしたいならば、このオプ"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "fallback_homedir (string)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgstr "fallback_homedir (文字列)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"Set a default template for a user's home directory if one is not specified "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"explicitly by the domain's data provider."
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"ドメインのデータプロバイダーにより明示的に指定されていない場合に、ユーザーの"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"ホームディレクトリーの標準テンプレートを設定します。"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"The available values for this option are the same as for override_homedir."
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"このオプションに対して利用可能なオプションは override_homedir に対するものと"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"fallback_homedir = /home/%u\n"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"fallback_homedir = /home/%u\n"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#: sssd-krb5.5.xml:539 include/override_homedir.xml:59
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "例: <placeholder type=\"programlisting\" id=\"0\"/>"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: not set (no substitution for unset home directories)"
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallaghermsgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "override_shell (string)"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "override_shell (文字列)"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Override the login shell for all users. This option supersedes any other "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"shell options if it takes effect and can be set either in the [nss] section "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"or per-domain."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "Default: not set (SSSD will use the value retrieved from LDAP)"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "allowed_shells (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "allowed_shells (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Restrict user shell to one of the listed values. The order of evaluation is:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ユーザーのシェルを一覧にある値のどれかに制限します。評価の順番は次のとおりで"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"1. シェルが <quote>/etc/shells</quote> に存在すると、それが使用されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"quote>, use the value of the shell_fallback parameter."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"2. シェルが allowed_shells 一覧にあるが、<quote>/etc/shells</quote> になけれ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ば、shell_fallback パラメーターの値を使用します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"shells</quote>, a nologin shell is used."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"3. シェルが allowed_shells 一覧になく、<quote>/etc/shells</quote> にもなけれ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ば、nologin シェルが使用されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "The wildcard (*) can be used to allow any shell."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"The (*) is useful if you want to use shell_fallback in case the user's "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"shell is not in <quote>/etc/shells</quote> and maintaining a list of all "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"allowed shells in allowed_shells would be too much overhead."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "An empty string for shell is passed as-is to libc."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "シェルの空文字列は libc にそのまま渡されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"that a restart of the SSSD is required in case a new shell is installed."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<quote>/etc/shells</quote> は SSSD が開始されるときにのみ読み込まれます。これ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"は新しいシェルがインストールされた場合 SSSD の再起動が必要になることを意味し"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: Not set. The user shell is automatically used."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 設定されません。ユーザーシェルが自動的に使用されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "vetoed_shells (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "vetoed_shells (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Replace any instance of these shells with the shell_fallback"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "これらのシェルのインスタンスをすべて shell_fallback に置き換えます"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "shell_fallback (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "shell_fallback (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The default shell to use if an allowed shell is not installed on the machine."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"許可されたシェルがマシンにインストールされていない場合に使用する標準シェルで"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: /bin/sh"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "default_shell"
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallaghermsgstr "default_shell"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The default shell to use if the provider does not return one during lookup. "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"This option can be specified globally in the [nss] section or per-domain."
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Default: not set (Return NULL if no shell is specified and rely on libc to "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"substitute something sensible when necessary, usually /bin/sh)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "get_domains_timeout (int)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "get_domains_timeout (整数)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specifies time in seconds for which the list of subdomains will be "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"considered valid."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "memcache_timeout (int)"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "memcache_timeout (整数)"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"Specifies time in seconds for which records in the in-memory cache will be "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"valid. Setting this option to zero will disable the in-memory cache."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"WARNING: Disabling the in-memory cache will have significant negative impact "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"on SSSD's performance and should only be used for testing."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"client applications will not use the fast in-memory cache."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "user_attributes (string)"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Some of the additional NSS responder requests can return more attributes "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"than just the POSIX ones defined by the NSS interface. The list of "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"attributes is controlled by this option. It is handled the same way as the "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"<quote>user_attributes</quote> option of the InfoPipe responder (see "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"manvolnum> </citerefentry> for details) but with no default values."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"To make configuration easier, the NSS responder will check the InfoPipe "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"option if it is not set for the NSS responder."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "Default: not set, fallback to InfoPipe option"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozekmsgid "pwfield (string)"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"The value that NSS operations that return users or groups will return for "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"the <quote>password</quote> field."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozekmsgid "This option can also be set per-domain."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozekmsgstr "このオプションはドメインごとに設定できます。"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"Default: <quote>*</quote> (remote domains) or <quote>x</quote> (the files "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "PAM configuration options"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "PAM 設定オプション"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"These options can be used to configure the Pluggable Authentication Module "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"(PAM) service."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"これらのオプションは Pluggable Authentication Module (PAM) サービスを設定する"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "offline_credentials_expiration (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "offline_credentials_expiration (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If the authentication provider is offline, how long should we allow cached "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"logins (in days since the last successful online login)."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"認証プロバイダーがオフラインの場合に、キャッシュログインを許可する時間(オン"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ラインログインの最終成功からの日数)です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 0 (No limit)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 0 (無制限)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "offline_failed_login_attempts (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "offline_failed_login_attempts (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If the authentication provider is offline, how many failed login attempts "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"認証プロバイダーがオフラインの場合、ログイン試行の失敗が許容される回数です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "offline_failed_login_delay (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "offline_failed_login_delay (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The time in minutes which has to pass after offline_failed_login_attempts "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"has been reached before a new login attempt is possible."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"offline_failed_login_attempts に達した後、新しいログイン試行が可能になるまでに"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"経過する必要がある時間 (分単位) です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If set to 0 the user cannot authenticate offline if "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"offline_failed_login_attempts has been reached. Only a successful online "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"authentication can enable offline authentication again."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"0 に設定されていると、offline_failed_login_attempts に達した場合、ユーザーが"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"オフライン認証できません。オンライン認証に成功すると、再びオフライン認証を有"
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 5"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 5"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "pam_verbosity (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "pam_verbosity (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Controls what kind of messages are shown to the user during authentication. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The higher the number to more messages are displayed."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"認証中にユーザーに表示されるメッセージの種類を制御します。数字が大きければ大"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"きいほどメッセージが表示されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Currently sssd supports the following values:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "現在 sssd は以下の値をサポートします:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>0</emphasis>: do not show any message"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<emphasis>0</emphasis>: 何もメッセージを表示しない"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>1</emphasis>: show only important messages"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<emphasis>1</emphasis>: 重要なメッセージのみを表示する"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>2</emphasis>: show informational messages"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<emphasis>2</emphasis>: 情報レベルのメッセージを表示する"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>3</emphasis>: show all messages and debug information"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<emphasis>3</emphasis>: すべてのメッセージとデバッグ情報を表示する"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 1"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 1"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "pam_response_filter (integer)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"A comma separated list of strings which allows to remove (filter) data sent "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"by the PAM responder to pam_sss PAM module. There are different kind of "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"responses sent to pam_sss e.g. messages displayed to the user or environment "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"variables which should be set by pam_sss."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"While messages already can be controlled with the help of the pam_verbosity "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"option this option allows to filter out other kind of responses as well."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Do not send any environment variables to any service."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ENV:var_name"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Do not send environment variable var_name to any service."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ENV:var_name:service"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Do not send environment variable var_name to service."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Currently the following filters are supported: <placeholder type="
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"\"variablelist\" id=\"0\"/>"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "Example: ENV:KRB5CCNAME:sudo-i"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "pam_id_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "pam_id_timeout (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For any PAM request while SSSD is online, the SSSD will attempt to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"immediately update the cached identity information for the user in order to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"ensure that authentication takes place with the latest information."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"SSSD がオンラインの間はすべての PAM 要求に対して、ユーザーが最新の情報で認証"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"されるよう、SSSD は直ちにキャッシュされた識別情報を更新しようとします。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"A complete PAM conversation may perform multiple PAM requests, such as "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"account management and session opening. This option controls (on a per-"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"client-application basis) how long (in seconds) we can cache the identity "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"information to avoid excessive round-trips to the identity provider."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"完全な PAM のやりとりは、アカウント管理やセッション開始のように、複数の PAM "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"要求を実行できます。このオプションは、識別プロバイダーに対する過剰なラウンド"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"トリップを避けるために識別情報をキャッシュできる時間(秒数)を(クライアント"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"アプリケーションごとに)制御します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "pam_pwd_expiration_warning (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "pam_pwd_expiration_warning (整数)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Display a warning N days before the password expires."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "パスワードの期限が切れる N 日前に警告を表示します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please note that the backend server has to provide information about the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"expiration time of the password. If this information is missing, sssd "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"cannot display a warning."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"バックエンドのサーバーがパスワードの有効期間に関する情報を提供する必要がある"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ことに注意してください。この情報がなければ、sssd は警告を表示できません。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"If zero is set, then this filter is not applied, i.e. if the expiration "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"warning was received from backend server, it will automatically be displayed."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"emphasis> for a particular domain."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "pam_trusted_users (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"Specifies the comma-separated list of UID values or user names that are "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"allowed to run PAM conversations against trusted domains. Users not "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"included in this list can only access domains marked as public with "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Default: All users are considered trusted by default"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"Please note that UID 0 is always allowed to access the PAM responder even in "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"case it is not in the pam_trusted_users list."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "pam_public_domains (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"Specifies the comma-separated list of domain names that are accessible even "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"to untrusted users."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Two special values for pam_public_domains option are defined:"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"all (Untrusted users are allowed to access all domains in PAM responder.)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"none (Untrusted users are not allowed to access any domains PAM in "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"responder.)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Default: none"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgstr "初期値: none"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozekmsgid "pam_account_expired_message (string)"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Allows a custom expiration message to be set, replacing the default "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"'Permission denied' message."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Note: Please be aware that message is only printed for the SSH service "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"unless pam_verbosity is set to 3 (show all messages and debug information)."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"pam_account_expired_message = Account expired, please contact help desk.\n"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "pam_account_locked_message (string)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Allows a custom lockout message to be set, replacing the default 'Permission "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"denied' message."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"pam_account_locked_message = Account locked, please contact help desk.\n"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "pam_cert_auth (bool)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Enable certificate based Smartcard authentication. Since this requires "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"additional communication with the Smartcard which will delay the "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"authentication process this option is disabled by default."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Default: False"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgstr "初期値: 偽"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "pam_cert_db_path (string)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"The path to the certificate database which contain the PKCS#11 modules to "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"access the Smartcard."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Default: /etc/pki/nssdb (NSS version)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "p11_child_timeout (integer)"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "How many seconds will pam_sss wait for p11_child to finish."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "pam_app_services (string)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Which PAM services are permitted to contact domains of type "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<quote>application</quote>"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "SUDO configuration options"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "SUDO 設定オプション"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"These options can be used to configure the sudo service. The detailed "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "sudo_timed (bool)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sudo_timed (論理値)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"that implement time-dependent sudoers entries."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"時間依存の sudoers エントリーを実装する sudoNotBefore と sudoNotAfter の属性"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"を評価するかしないかです。"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "ldap_deref_threshold (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "sudo_threshold (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "sudo_threshold (整数)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Maximum number of expired rules that can be refreshed at once. If number of "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"expired rules is below threshold, those rules are refreshed with "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<quote>full refresh</quote> of sudo rules is triggered instead. This "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"threshold number also applies to IPA sudo command and command group searches."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "AUTOFS configuration options"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "Autofs 設定オプション"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "These options can be used to configure the autofs service."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "これらのオプションは autofs サービスを設定するために使用されます。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "autofs_negative_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "autofs_negative_timeout (整数)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Specifies for how many seconds should the autofs responder negative cache "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"hits (that is, queries for invalid map entries, like nonexistent ones) "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"before asking the back end again."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"autofs レスポンダーのネガティブキャッシュ(つまり、存在しないもののように、無"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"効なマップエントリーに対する問い合わせ)が再びバックエンドに問い合わせる前に"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ヒットする秒数を指定します。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "SSH configuration options"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "SSH 設定オプション"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "These options can be used to configure the SSH service."
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "これらのオプションは SSH サービスを設定するために使用されます。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ssh_hash_known_hosts (bool)"
7797e361155f7ce937085fd98e360469d7baf1b6Jakub Hrozekmsgstr "ssh_hash_known_hosts (論理値)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
45db68ae27147955a4be4c2c772041824c0dc00fStephen Gallagher"Whether or not to hash host names and addresses in the managed known_hosts "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "ssh_known_hosts_timeout (integer)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "ssh_known_hosts_timeout (整数)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"How many seconds to keep a host in the managed known_hosts file after its "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"host keys were requested."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "Default: 180"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "初期値: 180"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "ca_db (string)"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Path to a storage of trusted CA certificates. The option is used to validate "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"user certificates before deriving public ssh keys from them."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "Default: /etc/pki/nssdb"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "PAC responder configuration options"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"The PAC responder works together with the authorization data plugin for MIT "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"provider collects domain SID and ID ranges of the domain the client is "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"joined to and of remote trusted domains from the local domain controller. If "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the PAC is decoded and evaluated some of the following operations are done:"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"If the remote user does not exist in the cache, it is created. The UID is "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"determined with the help of the SID, trusted domains will have UPGs and the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"GID will have the same value as the UID. The home directory is set based on "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"the subdomain_homedir parameter. The shell will be empty by default, i.e. "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"the system defaults are used, but can be overwritten with the default_shell "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"If there are SIDs of groups from domains sssd knows about, the user will be "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"added to those groups."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "These options can be used to configure the PAC responder."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "allowed_uids (string)"
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozekmsgstr "allowed_uids (文字列)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"Specifies the comma-separated list of UID values or user names that are "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"allowed to access the PAC responder. User names are resolved to UIDs at "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "Default: 0 (only the root user is allowed to access the PAC responder)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"Please note that although the UID 0 is used as the default it will be "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"overwritten with this option. If you still want to allow the root user to "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"access the PAC responder, which would be the typical case, you have to add 0 "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"to the list of allowed UIDs as well."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "pac_lifetime (integer)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"data can be used to determine the group memberships of a user."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "General service configuration options"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Session recording configuration options"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "セッション記録の設定オプション"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "This manual page describes the configuration of the IPA provider for "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "citerefentry> manual page."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Session recording works in conjunction with <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>, a part of tlog package, to log what users see and type when "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"セッション記録は、tlog パッケージの一部である <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry> と連携して、ユーザーがテキスト端末にログインしたときに表示され"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"る内容と入力した内容を記録します。<citerefentry> <refentrytitle>sssd-session-"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> も参照してください。"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "These options can be used to configure any service."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "These options can be used to configure session recording."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "これらのオプションはセッション記録を設定するために使用できます。"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "sudo_provider (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "scope (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "scope (文字列)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "\"none\""
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "No users are recorded."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "\"some\""
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "Append this user to groups specified by the <replaceable>GROUPS</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "is a comma separated list of group names."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Users/groups specified by <replaceable>users</replaceable> and "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<replaceable>groups</replaceable> options are recorded."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<replaceable>users</replaceable> および <replaceable>groups</replaceable> オプ"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"ションにより指定されたユーザー/グループが記録されます。"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "\"all\""
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "All users are recorded."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "The following expansions are supported: <placeholder type=\"variablelist"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "\" id=\"0\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"One of the following strings specifying the scope of session recording: "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<placeholder type=\"variablelist\" id=\"0\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "Default: none"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: \"none\""
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "初期値: \"none\""
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "skel_dir (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "users (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "users (文字列)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"A comma-separated list of users which should have session recording enabled. "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Matches user names as returned by NSS. I.e. after the possible space "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"replacement, case changes, etc."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "Default: empty, i.e. ldap_uri is used."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: Empty. Matches no users."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "初期値: 空。どのユーザーにも一致しません。"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "ldap_group_name (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "groups (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "groups (文字列)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"A comma-separated list of groups, members of which should have session "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"recording enabled. Matches group names as returned by NSS. I.e. after the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"possible space replacement, case changes, etc."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"NOTE: using this option (having it set to anything) has a considerable "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"performance cost, because each uncached request for a user requires "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"retrieving and matching the groups the user is member of."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: Empty. Matches no groups."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "DOMAIN SECTIONS"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ドメインセクション"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "domain_type (string)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Specifies whether the domain is meant to be used by POSIX-aware clients such "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"as the Name Service Switch or by applications that do not need POSIX data to "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"be present or generated. Only objects from POSIX domains are available to "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the operating system interfaces and utilities."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Allowed values for this option are <quote>posix</quote> and "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<quote>application</quote>."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"POSIX domains are reachable by all services. Application domains are only "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"reachable from the InfoPipe responder (see <citerefentry> "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"citerefentry>) and the PAM responder."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"NOTE: The application domains are currently well tested with "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<quote>id_provider=ldap</quote> only."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"For an easy way to configure a non-POSIX domains, please see the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<quote>Application domains</quote> section."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Default: posix"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "min_id,max_id (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "min_id,max_id (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"UID and GID limits for the domain. If a domain contains an entry that is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"outside these limits, it is ignored."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ドメインに対する UID と GID の制限です。ドメインがこれらの制限の外にあるエン"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"トリーを含む場合、それは無視されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For users, this affects the primary GID limit. The user will not be returned "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"to NSS if either the UID or the primary GID is outside the range. For non-"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"primary group memberships, those that are in range will be reported as "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ユーザーに対して、これはプライマリー GID 制限に影響します。 UID またはプライ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"マリー GID が範囲外ならば、ユーザーは NSS に返されません。非プライマリーメン"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"バーに対して、範囲内にあるものは予期されたものとして報告されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek"These ID limits affect even saving entries to cache, not only returning them "
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek"by name or ID."
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 1 for min_id, 0 (no limit) for max_id"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: min_id は 1, max_id は 0 (無制限)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "enumerate (bool)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "enumerate (論理値)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"Determines if a domain can be enumerated, that is, whether the domain can "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"list all the users and group it contains. Note that it is not required to "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"enable enumeration in order for secondary groups to be displayed. This "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"parameter can have one of the following values:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "TRUE = Users and groups are enumerated"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "TRUE = ユーザーとグループが列挙されます"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "FALSE = No enumerations for this domain"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "FALSE = このドメインに対して列挙しません"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: FALSE"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: FALSE"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"Enumerating a domain requires SSSD to download and store ALL user and group "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"entries from the remote server."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Note: Enabling enumeration has a moderate performance impact on SSSD while "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"enumeration is running. It may take up to several minutes after SSSD startup "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"to fully complete enumerations. During this time, individual requests for "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"information will go directly to LDAP, though it may be slow, due to the "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"heavy enumeration processing. Saving a large number of entries to cache "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"after the enumeration completes might also be CPU intensive as the "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"memberships have to be recomputed. This can lead to the <quote>sssd_be</"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"quote> process becoming unresponsive or even restarted by the internal "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"While the first enumeration is running, requests for the complete user or "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"group lists may return no results until it completes."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"最初の列挙が実行中の間、完全なユーザーまたはグループの一覧に対する要求は、そ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"れが完了するまで結果を返しません。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Further, enabling enumeration may increase the time necessary to detect "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"network disconnection, as longer timeouts are required to ensure that "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"enumeration lookups are completed successfully. For more information, refer "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"to the man pages for the specific id_provider in use."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"さらに、列挙を有効にすることにより、列挙の検索が確実に正しく完了するように長"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"いタイムアウトが必要になるので、ネットワーク切断を検知するために必要な時間が増える可能性"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"があります。詳細は使用している具体的な id_provider のマニュアルページを参照し"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"For the reasons cited above, enabling enumeration is not recommended, "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"especially in large environments."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozekmsgid "subdomain_enumerate (string)"
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozekmsgid "All discovered trusted domains will be enumerated"
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozekmsgid "No discovered trusted domains will be enumerated"
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"Whether any of autodetected trusted domains should be enumerated. The "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"Optionally, a list of one or more domain names can enable enumeration just "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"for these trusted domains."
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "entry_cache_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "entry_cache_timeout (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"How many seconds should nss_sss consider entries valid before asking the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"backend again"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"nss_sss が再びバックエンドに問い合わせる前にエントリーを有効であると考える秒"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The cache expiration timestamps are stored as attributes of individual "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"objects in the cache. Therefore, changing the cache timeout only has effect "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"for newly added or expired entries. You should run the <citerefentry> "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"citerefentry> tool in order to force refresh of entries that have already "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"been cached."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 5400"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 5400"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "entry_cache_user_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "entry_cache_user_timeout (整数)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"How many seconds should nss_sss consider user entries valid before asking "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the backend again"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"nss_sss が再びバックエンドに問い合わせる前にユーザーエントリーを有効であると"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: entry_cache_timeout"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: entry_cache_timeout"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "entry_cache_group_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "entry_cache_group_timeout (整数)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"How many seconds should nss_sss consider group entries valid before asking "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the backend again"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"nss_sss が再びバックエンドに問い合わせる前にグループエントリーを有効であると"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "entry_cache_netgroup_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "entry_cache_netgroup_timeout (整数)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"How many seconds should nss_sss consider netgroup entries valid before "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"asking the backend again"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"nss_sss が再びバックエンドに問い合わせる前にネットワークグループエントリーを"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"有効であると考える秒数です。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "entry_cache_service_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "entry_cache_service_timeout (整数)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"How many seconds should nss_sss consider service entries valid before asking "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the backend again"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"nss_sss が再びバックエンドに問い合わせる前にサービスエントリーを有効であると"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "entry_cache_sudo_timeout (integer)"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "entry_cache_sudo_timeout (整数)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"How many seconds should sudo consider rules valid before asking the backend "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgid "entry_cache_autofs_timeout (integer)"
bf9abef629707167d39fcc92ec9c18a6244b27b8Jakub Hrozekmsgstr "entry_cache_autofs_timeout (整数)"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"How many seconds should the autofs service consider automounter maps valid "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"before asking the backend again"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "entry_cache_ssh_host_timeout (integer)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"How many seconds to keep a host ssh key after refresh. IE how long to cache "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"the host key for."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozekmsgid "refresh_expired_interval (integer)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "refresh_expired_interval (整数)"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"Specifies how many seconds SSSD has to wait before triggering a background "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"refresh task which will refresh all expired or nearly expired records."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"The background refresh will process users, groups and netgroups in the cache."
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozekmsgid "You can consider setting this value to 3/4 * entry_cache_timeout."
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozekmsgid "Default: 0 (disabled)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "初期値: 0 (無効)"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "cache_credentials (bool)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "cache_credentials (論理値)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Determines if user credentials are also cached in the local LDB cache"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかどうか"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "User credentials are stored in a SHA512 hash, not in plaintext"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ユーザーのクレディンシャルが、平文ではなく SHA512 ハッシュで保存されます"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozekmsgid "cache_credentials_minimal_first_factor_length (int)"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"this value determines the minimal length the first authentication factor "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"(long term password) must have to be saved as SHA512 hash into the cache."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"the cache which would make them easy targets for brute-force attacks."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozekmsgid "Default: 8"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "account_cache_expiration (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "account_cache_expiration (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Number of days entries are left in cache after last successful login before "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"being removed during a cleanup of the cache. 0 means keep forever. The "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"value of this parameter must be greater than or equal to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"offline_credentials_expiration."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"正常にログイン後、キャッシュのクリーンアップ中にエントリーが削除される前の日"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"数です。 0 は永久に保持することを意味します。このパラメーターの値は "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"offline_credentials_expiration と同等以上でなければいけません。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 0 (unlimited)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 0 (無制限)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "pwd_expiration_warning (integer)"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "pwd_expiration_warning (整数)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Please note that the backend server has to provide information about the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"expiration time of the password. If this information is missing, sssd "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"cannot display a warning. Also an auth provider has to be configured for the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: 7 (Kerberos), 0 (LDAP)"
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallaghermsgstr "初期値: 7 (Kerberos), 0 (LDAP)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "id_provider (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "id_provider (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The identification provider used for the domain. Supported ID providers are:"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"ドメインに対して使用される識別子プロバイダーです。サポートされる ID プロバイ"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ダーは次のとおりです:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "<quote>proxy</quote>: Support a legacy NSS provider"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "<quote>proxy</quote>: レガシーな NSS プロバイダーのサポート"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "<quote>local</quote>: SSSD internal provider for local users"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "<quote>local</quote>: ローカルユーザー向け SSSD 内部プロバイダー"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"information on configuring LDAP."
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"<quote>ldap</quote>: LDAP プロバイダー。LDAP の設定に関する詳細は "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"manvolnum> </citerefentry> を参照してください。"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"<quote>ipa</quote>: FreeIPA および Red Hat Enterprise Identity Management プ"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"ロバイダー。FreeIPA の設定に関する詳細は <citerefentry> <refentrytitle>sssd-"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してくださ"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"citerefentry> for more information on configuring Active Directory."
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"<quote>ad</quote>: Active Directory プロバイダー。Active Directory の設定に関"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"する詳細は <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "use_fully_qualified_names (bool)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "use_fully_qualified_names (論理値)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Use the full name and domain (as formatted by the domain's full_name_format) "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"as the user's login name reported to NSS."
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallagher"NSS に報告するユーザーのログイン名として、フルネームとドメイン (ドメインの "
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallagher"full_name_format により整形されたもの) を使用します。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If set to TRUE, all requests to this domain must use fully qualified names. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For example, if used in LOCAL domain that contains a \"test\" user, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>getent passwd test</command> wouldn't find the user while "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>getent passwd test@LOCAL</command> would."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"TRUE に設定されていると、このドメインへのすべての要求は完全修飾名を使用する必"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"要があります。たとえば、 \"test\" ユーザーを含む LOCAL ドメインにおいて使用さ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"れていると、<command>getent passwd test</command> はユーザーを見つけられませ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"んが、<command>getent passwd test@LOCAL</command> は見つけられます。"
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"NOTE: This option has no effect on netgroup lookups due to their tendency to "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"include nested netgroups without qualified names. For netgroups, all domains "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"will be searched when an unqualified name is requested."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozekmsgid "Default: FALSE (TRUE if default_domain_suffix is used)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "ignore_group_members (bool)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "ignore_group_members (論理値)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "Do not return group members for group lookups."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"If set to TRUE, the group membership attribute is not requested from the "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"ldap server, and group members are not returned when processing group lookup "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"citerefentry>. As an effect, <quote>getent group $groupname</quote> would "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"return the requested group as if it was empty."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Enabling this option can also make access provider checks for group "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"membership significantly faster, especially for groups containing many "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "auth_provider (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "auth_provider (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The authentication provider used for the domain. Supported auth providers "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ドメインに対して使用される認証プロバイダーです。サポートされる認証プロバイ"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry> for more information on configuring LDAP."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<quote>ldap</quote> は本来の LDAP 認証向けです。LDAP の設定に関する詳細は "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum> </citerefentry> を参照してください。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry> for more information on configuring Kerberos."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<quote>krb5</quote> は Kerberos 認証向けです。Kerberos の設定に関する詳細は "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum> </citerefentry> を参照してください。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>proxy</quote> for relaying authentication to some other PAM target."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<quote>proxy</quote> は他の何らかの PAM ターゲットに認証を中継します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<quote>none</quote> disables authentication explicitly."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<quote>none</quote> は明示的に認証を無効化します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Default: <quote>id_provider</quote> is used if it is set and can handle "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"authentication requests."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"初期値: <quote>id_provider</quote> が設定され、認証要求を取り扱うことができる"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ならば、それが使用されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "access_provider (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "access_provider (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The access control provider used for the domain. There are two built-in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"access providers (in addition to any included in installed backends) "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Internal special providers are:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ドメインに対して使用されるアクセス制御プロバイダーです。 2 つの組み込みアクセ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"スプロバイダーがあります(インストールされたバックエンドに含まれるすべてを加"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"えます)。内部の特別プロバイダーは次のとおりです:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>permit</quote> always allow access. It's the only permitted access "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"provider for a local domain."
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallagher"<quote>permit</quote> は常にアクセスを許可します。ローカルドメインに対して許"
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallagher"可される唯一のアクセスプロバイダーです。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<quote>deny</quote> always deny access."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<quote>deny</quote> は常にアクセスを拒否します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>simple</quote> access control based on access or deny lists. See "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum></citerefentry> for more information on configuring the simple "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"access module."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<quote>simple</quote> アクセス制御はアクセスまたは拒否の一覧に基づきます。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"simple アクセスモジュールの設定に関する詳細は <citerefentry> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> を参照してください。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"citerefentry> for more information on configuring Kerberos."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "<quote>proxy</quote> for relaying access control to another PAM module."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: <quote>permit</quote>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: <quote>permit</quote>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "chpass_provider (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "chpass_provider (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The provider which should handle change password operations for the domain. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Supported change password providers are:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ドメインに対するパスワード変更操作を取り扱うプロバイダーです。サポートされる"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"パスワード変更プロバイダーは次のとおりです:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<quote>ldap</quote> to change a password stored in a LDAP server. See "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry> for more information on configuring LDAP."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry> for more information on configuring Kerberos."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<quote>krb5</quote> は Kerberos のパスワードを変更します。 Kerberos の設定に"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"関する詳細は <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>proxy</quote> for relaying password changes to some other PAM target."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<quote>proxy</quote> はいくつかの他の PAM ターゲットにパスワードの変更を中継"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<quote>none</quote> disallows password changes explicitly."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<quote>none</quote> は明示的にパスワードの変更を無効化します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Default: <quote>auth_provider</quote> is used if it is set and can handle "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"change password requests."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"初期値: <quote>auth_provider</quote> が設定され、パスワードの変更要求を取り扱"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"うことができるならば、それが使用されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "sudo_provider (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sudo_provider (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The SUDO provider used for the domain. Supported SUDO providers are:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダー"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"citerefentry> for more information on configuring LDAP."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<quote>ldap</quote> は LDAP に保存されているルールのためです。LDAP の設定に関"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"する詳細は <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "<quote>none</quote> disables SUDO explicitly."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<quote>none</quote> は SUDO を明示的に無効化します。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: The value of <quote>id_provider</quote> is used if it is set."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"初期値: <quote>id_provider</quote> の値が設定されていると使用されます。"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"The detailed instructions for configuration of sudo_provider are in the "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"options that can be used to adjust the behavior. Please refer to "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry>."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"background unless the sudo provider is explicitly disabled. Set "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"activity in SSSD if you do not want to use sudo with SSSD at all."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "selinux_provider (string)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "selinux_provider (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The provider which should handle loading of selinux settings. Note that this "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"provider will be called right after access provider ends. Supported selinux "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"providers are:"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<quote>ipa</quote> to load selinux settings from an IPA server. See "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"manvolnum> </citerefentry> for more information on configuring IPA."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "<quote>none</quote> disallows fetching selinux settings explicitly."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Default: <quote>id_provider</quote> is used if it is set and can handle "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"selinux loading requests."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "subdomains_provider (string)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "subdomains_provider (文字列)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"The provider which should handle fetching of subdomains. This value should "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"be always the same as id_provider. Supported subdomain providers are:"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"manvolnum> </citerefentry> for more information on configuring IPA."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"<quote>ad</quote> to load a list of subdomains from an Active Directory "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"the AD provider."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "<quote>none</quote> disallows fetching subdomains explicitly."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "<quote>none</quote> はサブドメインの取り出しを明示的に無効化します。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "selinux_provider (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "session_provider (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "session_provider (文字列)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The provider which configures and manages user session related tasks. The "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"only user session task currently provided is the integration with Fleet "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Commander, which works only with IPA. Supported session providers are:"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "<quote>ipa</quote> to allow performing user session related tasks."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<quote>none</quote> does not perform any kind of user session related tasks."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "authentication requests."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Default: <quote>id_provider</quote> is used if it is set and can perform "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"session related tasks."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"初期値: <quote>id_provider</quote> が設定され、セッション関連のタスクを実行できる"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"ならば、それが使用されます。"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"SSSD must be running as \"root\" and not as the unprivileged user."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "autofs_provider (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "autofs_provider (文字列)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The autofs provider used for the domain. Supported autofs providers are:"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ドメインに対して使用される autofs プロバイダーです。 サポートされる autofs "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"プロバイダーは次のとおりです:"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"citerefentry> for more information on configuring LDAP."
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek"<quote>ldap</quote> は LDAP に保存されているマップを読み込みます。LDAP の設定"
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek"に関する詳細は <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"citerefentry> for more information on configuring IPA."
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek"<quote>ipa</quote> は IPA サーバーに保存されているマップを読み込みます。IPA "
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek"の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"citerefentry> for more information on configuring the AD provider."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "<quote>none</quote> disables autofs explicitly."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "<quote>none</quote> は明示的に autofs を無効にします。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "hostid_provider (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "hostid_provider (文字列)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The provider used for retrieving host identity information. Supported "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"hostid providers are:"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ホスト識別情報を取得するために使用されるプロバイダーです。 サポートされる "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"hostid プロバイダーは次のとおりです:"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>ipa</quote> to load host identity stored in an IPA server. See "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"manvolnum> </citerefentry> for more information on configuring IPA."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<quote>ipa</quote> は IPA サーバーに保存されているホスト識別子を読み込みま"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"す。IPA の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ipa</"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "<quote>none</quote> disables hostid explicitly."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "<quote>none</quote> は明示的に hostid を無効にします。"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"Regular expression for this domain that describes how to parse the string "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"containing user name and domain into these components. The \"domain\" can "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"match either the SSSD configuration domain name, or, in the case of IPA "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"trust subdomains and Active Directory domains, the flat (NetBIOS) name of "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"the domain."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"P<name>[^@\\\\]+)$))</quote> which allows three different styles for "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"user names:"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "username"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "username"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "username@domain.name"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "username@domain.name"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "domain\\username"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "domain\\username"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"While the first two correspond to the general default the third one is "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"introduced to allow easy integration of users from Windows domains."
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"which translates to \"the name is everything up to the <quote>@</quote> "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"sign, the domain everything after that\""
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"初期値: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> で"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"す。\"the name is everything up to the <quote>@</quote> sign, the domain "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"everything after that\" に解釈されます。"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"PLEASE NOTE: the support for non-unique named subpatterns is not available "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"version 7 or higher can support non-unique named subpatterns."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"P<name>) to label subpatterns."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"関連注記: 古いバージョンの libpcre はサブパターンをラベル付けするために "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"Python 構文 (?P<name>) のみをサポートします。"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "Default: <quote>%1$s@%2$s</quote>."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgstr "初期値: <quote>%1$s@%2$s</quote>."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "lookup_family_order (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "lookup_family_order (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Provides the ability to select preferred address family to use when "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"performing DNS lookups."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"DNS 検索を実行するときに使用する、優先アドレスファミリーを選択する機能を提供"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Supported values:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "サポートする値:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: ipv4_first"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: ipv4_first"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "dns_resolver_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "dns_resolver_timeout (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "Defines the amount of time (in seconds) to wait for a reply from the DNS "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "resolver before assuming that it is unreachable. If this timeout is "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "reached, the domain will continue to operate in offline mode."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Defines the amount of time (in seconds) to wait for a reply from the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"internal fail over service before assuming that the service is unreachable. "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"If this timeout is reached, the domain will continue to operate in offline "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"内部フェイルオーバーサービスが到達不可能であると仮定するまでに、そこからの応答を待つ時間"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"(秒単位)を定義します。このタイムアウトに達すると、ドメインはオフラインモー"
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Please see the section <quote>FAILOVER</quote> for more information about "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the service resolution."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozekmsgid "Default: 6"
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozekmsgstr "初期値: 6"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "dns_discovery_domain (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "dns_discovery_domain (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If service discovery is used in the back end, specifies the domain part of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the service discovery DNS query."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"サービス検索がバックエンドで使用されていると、サービス検索 DNS クエリーのドメ"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: Use the domain part of machine's hostname"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: マシンのホスト名のドメイン部分を使用します"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "override_gid (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "override_gid (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Override the primary GID value with the one specified."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "プライマリー GID の値を指定されたもので上書きします。"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "case_sensitive (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Case sensitive. This value is invalid for AD provider."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "False"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Case insensitive."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Preserving"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Same as False (case insensitive), but does not lowercase names in the result "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"of NSS operations. Note that name aliases (and in case of services also "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"protocol names) are still lowercased in the output."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"Treat user and group names as case sensitive. At the moment, this option is "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"not supported in the local provider. Possible option values are: "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<placeholder type=\"variablelist\" id=\"0\"/>"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Default: True (False for AD provider)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "subdomain_inherit (string)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Specifies a list of configuration parameters that should be inherited by a "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"subdomain. Please note that only selected parameters can be inherited. "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Currently the following options can be inherited:"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ignore_group_members"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ldap_purge_cache_timeout"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ldap_use_tokengroups"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ldap_user_principal"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"is not set explicitly)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"subdomain_inherit = ldap_purge_cache_timeout\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Note: This option only works with the IPA and AD provider."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "subdomain_homedir (string)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "subdomain_homedir (文字列)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "flat (NetBIOS) name of a subdomain."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "サブドメインのフラット (NetBIOS) 名。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Use this homedir as default value for all subdomains within this domain in "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"possible values. In addition to those, the expansion below can only be used "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"\"variablelist\" id=\"0\"/>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The value can be overridden by <emphasis>override_homedir</emphasis> option."
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"値は <emphasis>override_homedir</emphasis> オプションにより上書きできます。"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "Default: <filename>/home/%d/%u</filename>"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "初期値: <filename>/home/%d/%u</filename>"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozekmsgid "realmd_tags (string)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "realmd_tags (文字列)"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"Various tags stored by the realmd configuration service for this domain."
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozekmsgid "cached_auth_timeout (int)"
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek"Specifies time in seconds since last successful online authentication for "
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek"which user will be authenticated using cached credentials while SSSD is in "
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek"the online mode."
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozekmsgid "Special value 0 implies that this feature is disabled."
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek"Please note that if <quote>cached_auth_timeout</quote> is longer than "
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek"<quote>pam_id_timeout</quote> then the back end could be called to handle "
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek"<quote>initgroups.</quote>"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "autofs_provider (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "auto_private_groups (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "auto_private_groups (文字列)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"If this option is enabled, SSSD will automatically create user private "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"groups based on user's UID number. The GID number is ignored in this case."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"For POSIX subdomains, setting the option in the main domain is inherited in "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"the subdomain."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"For ID-mapping subdomains, auto_private_groups is already enabled for the "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"subdomains and setting it to false will not have any effect for the "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"NOTE: Because the GID number and the user private group are inferred from "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"the UID number, it is not supported to have multiple entries with the same "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"UID or GID number with this option. In other words, enabling this option "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"enforces uniqueness across the ID space."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"These configuration options can be present in a domain configuration "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"これらの設定オプションはドメイン設定のセクション、つまり <quote>[domain/"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<replaceable>NAME</replaceable>]</quote> に存在します <placeholder type="
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"\"variablelist\" id=\"0\"/>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "proxy_pam_target (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "proxy_pam_target (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The proxy target PAM proxies to."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "PAM の中継先となるプロキシターゲットです。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Default: not set by default, you have to take an existing pam configuration "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"or create a new one and add the service name here."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"初期値: 設定されません。既存の PAM 設定を使用するか、新しく作成してサービス名"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"をここに追加する必要があります。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "proxy_lib_name (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "proxy_lib_name (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The name of the NSS library to use in proxy domains. The NSS functions "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"searched for in the library are in the form of _nss_$(libName)_$(function), "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"for example _nss_files_getpwent."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"プロキシードメインにおいて使用する NSS ライブラリーの名前です。ライブラリーに"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"おいて検索する NSS 関数は _nss_$(libName)_$(function) の形式です。たとえば "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"_nss_files_getpwent です。"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "proxy_fast_alias (boolean)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgstr "proxy_fast_alias (論理値)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"When a user or group is looked up by name in the proxy provider, a second "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"lookup by ID is performed to \"canonicalize\" the name in case the requested "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"name was an alias. Setting this option to true would cause the SSSD to "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"perform the ID lookup from cache for performance reasons."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "proxy_max_children (integer)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"This option specifies the number of pre-forked proxy children. It is useful "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"for high-load SSSD environments where sssd may run out of available child "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"slots, which would cause some issues due to the requests being queued."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"プロキシドメインに対して有効なオプションです。 <placeholder type="
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"\"variablelist\" id=\"0\"/>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><title>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Application domains"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"applications as a gateway to an LDAP directory where users and groups are "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"stored. However, contrary to the traditional SSSD deployment where all users "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"and groups either have POSIX attributes or those attributes can be inferred "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"from the Windows SIDs, in many cases the users and groups in the application "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"support scenario have no POSIX attributes. Instead of setting a "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"administrator can set up an <quote>[application/<replaceable>NAME</"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"replaceable>]</quote> section that internally represents a domain with type "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<quote>application</quote> optionally inherits settings from a tradition "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"SSSD domain."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Please note that the application domain must still be explicitly enabled in "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the <quote>domains</quote> parameter so that the lookup order between the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"application domain and its POSIX sibling domain is set correctly."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Application domain parameters"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "inherit_from (string)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The SSSD POSIX-type domain the application domain inherits all settings "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"from. The application domain can moreover add its own settings to the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"application settings that augment or override the <quote>sibling</quote> "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"domain settings."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The following example illustrates the use of an application domain. In this "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"setup, the POSIX domain is connected to an LDAP server and is used by the OS "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"through the NSS responder. In addition, the application domain also requests "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the telephoneNumber attribute, stores it as the phone attribute in the cache "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"and makes the phone attribute reachable through the D-Bus interface."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"domains = appdom, posixdom\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"user_attributes = +phone\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"id_provider = ldap\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"ldap_uri = ldap://ldap.example.com\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"ldap_search_base = dc=example,dc=com\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"inherit_from = posixdom\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"ldap_user_extra_attrs = phone:telephoneNumber\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The local domain section"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ローカルドメインのセクション"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This section contains settings for domain that stores users and groups in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"SSSD native database, that is, a domain that uses "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<replaceable>id_provider=local</replaceable>."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"このセクションは、ユーザーとグループを SSSD ネイティブデータベースに保存する"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ドメイン、つまり、 <replaceable>id_provider=local</replaceable> を使用するド"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"メインに対する設定を含みます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "default_shell (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "default_shell (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The default shell for users created with SSSD userspace tools."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "SSSD ユーザー空間ツールを用いて作成されたユーザーの初期シェルです。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: <filename>/bin/bash</filename>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: <filename>/bin/bash</filename>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "base_directory (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "base_directory (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The tools append the login name to <replaceable>base_directory</replaceable> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"and use that as the home directory."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ツールがログイン名を <replaceable>base_directory</replaceable> に追加して、"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ホームディレクトリーとして使用します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: <filename>/home</filename>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: <filename>/home</filename>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "create_homedir (bool)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "create_homedir (論理値)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Indicate if a home directory should be created by default for new users. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Can be overridden on command line."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"初期状態で新規ユーザーに対するホームディレクトリーが作成されるかを指示しま"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"す。コマンドラインにおいて上書きできます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: TRUE"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: TRUE"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "remove_homedir (bool)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "remove_homedir (論理値)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Indicate if a home directory should be removed by default for deleted "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"users. Can be overridden on command line."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"初期状態で削除されるユーザーのホームディレクトリーが削除されるかを指示しま"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"す。コマンドラインにおいて上書きできます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "homedir_umask (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "homedir_umask (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"on a newly created home directory."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"新規に作成されるホームディレクトリーにパーミッションの初期値を指定するために "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum> </citerefentry> により使用されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 077"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 077"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "skel_dir (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "skel_dir (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The skeleton directory, which contains files and directories to be copied in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the user's home directory, when the home directory is created by "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ホームディレクトリーが <citerefentry> <refentrytitle>sss_useradd</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> により作成されると"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"き、ユーザーのホームディレクトリーにコピーされるファイルおよびディレクトリー"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"を含む、スケルトンディレクトリーです。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: <filename>/etc/skel</filename>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: <filename>/etc/skel</filename>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "mail_dir (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "mail_dir (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The mail spool directory. This is needed to manipulate the mailbox when its "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"corresponding user account is modified or deleted. If not specified, a "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"default value is used."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"メールスプールディレクトリーです。これに対応するユーザーアカウントが変更また"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"は削除されたとき、これを操作する必要があります。指定されていなければ、初期値"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: <filename>/var/mail</filename>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: <filename>/var/mail</filename>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "userdel_cmd (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "userdel_cmd (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The command that is run after a user is removed. The command us passed the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"username of the user being removed as the first and only parameter. The "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"return code of the command is not taken into account."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ユーザーの削除後に実行されるコマンドです。コマンドは最初の唯一のパラメーター"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"として削除されるユーザーのユーザー名を渡します。コマンドの返り値は考慮されま"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: None, no command is run"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: なし、コマンドを実行しません"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "TRUSTED DOMAIN SECTION"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"Some options used in the domain section can also be used in the trusted "
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"domain section, that is, in a section called <quote>[domain/"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"domain. Please refer to examples below for explanation. Currently supported "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"options in the trusted domain section are:"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "ldap_search_base,"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "ldap_user_search_base,"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "ldap_group_search_base,"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "ldap_netgroup_search_base,"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "ldap_service_search_base,"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "ad_server,"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "ad_backup_server,"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "ad_site,"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "use_fully_qualified_names"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"For more details about these options see their individual description in the "
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"manual page."
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "EXAMPLES"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"domains = LDAP\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"services = nss, pam\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"config_file_version = 2\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"filter_groups = root\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"filter_users = root\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"id_provider = ldap\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"ldap_uri = ldap://ldap.example.com\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"ldap_search_base = dc=example,dc=com\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"auth_provider = krb5\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"krb5_realm = EXAMPLE.COM\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"cache_credentials = true\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"min_id = 10000\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"max_id = 20000\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"enumerate = False\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"domains = LDAP\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"services = nss, pam\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"config_file_version = 2\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"filter_groups = root\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"filter_users = root\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"id_provider = ldap\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_uri = ldap://ldap.example.com\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_search_base = dc=example,dc=com\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"auth_provider = krb5\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"krb5_realm = EXAMPLE.COM\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"cache_credentials = true\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"min_id = 10000\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"max_id = 20000\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"enumerate = False\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "The following example shows a typical SSSD config. It does not describe "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "configuration of the domains themselves - refer to documentation on "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "configuring domains for more details. <placeholder type=\"programlisting"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "\" id=\"0\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"1. The following example shows a typical SSSD config. It does not describe "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"configuration of the domains themselves - refer to documentation on "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"configuring domains for more details. <placeholder type=\"programlisting\" "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"以下の例は SSSD の一般的な設定を示します。ドメイン自身の設定を説明していませ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ん - ドメインの設定に関する詳細はドキュメントを参照してください。 "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<placeholder type=\"programlisting\" id=\"0\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"use_fully_qualified_names = false\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"2. The following example shows configuration of IPA AD trust where the AD "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"forest consists of two domains in a parent-child structure. Suppose IPA "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"domain (ipa.com) has trust with AD domain (ad.com). ad.com has child domain "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"(child.ad.com). To enable shortnames in the child domain the following "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sssd-ldap"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sssd-ldap"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "SSSD LDAP provider"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This manual page describes the configuration of LDAP domains for "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry> manual page for detailed syntax information."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<manvolnum>8</manvolnum> </citerefentry> 向けの LDAP ドメインの設定を説明して"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"います。詳細な構文については <citerefentry> <refentrytitle>sssd.conf</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページの "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<quote>ファイル形式</quote> セクションを参照してください。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "You can configure SSSD to use more than one LDAP domain."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "SSSD が複数の LDAP ドメインを使用するよう設定できます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"LDAP back end supports id, auth, access and chpass providers. If you want to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"over an unencrypted channel. If the LDAP server is used only as an identity "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"provider, an encrypted channel is not needed. Please refer to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>ldap_access_filter</quote> config option for more information about "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"using LDAP as an access provider."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"LDAP バックエンドは id, auth, access および chpass プロバイダーをサポートしま"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"す。 LDAP サーバーに対して認証したければ、 TLS/SSL または LDAPS のどちらかが"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"必要になります。 <command>sssd</command> は暗号化されないチャネルにおける認証"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"はサポート<emphasis>されません</emphasis>。 LDAP サーバーが識別プロバイダーと"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"してのみ使用されるならば、暗号化チャネルは必要ありません。アクセスプロバイ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ダーとして LDAP を使用することの詳細は <quote>ldap_access_filter</quote> 設定"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"オプションを参照してください。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "CONFIGURATION OPTIONS"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "設定オプション"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "ldap_uri, ldap_backup_uri (string)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "ldap_uri, ldap_backup_uri (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"should connect in the order of preference. Refer to the <quote>FAILOVER</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"quote> section for more information on failover and server redundancy. If "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"neither option is specified, service discovery is enabled. For more "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"information, refer to the <quote>SERVICE DISCOVERY</quote> section."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The format of the URI must match the format defined in RFC 2732:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "URI の形式は RFC 2732 に決められている形式と一致しなければいけません:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap[s]://<host>[:port]"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap[s]://<host>[:port]"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For explicit IPv6 addresses, <host> must be enclosed in brackets []"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"IPv6 アドレスを明示するために、<host> を角括弧 [] でくくる必要がありま"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "example: ldap://[fc00::126:25]:389"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "例: ldap://[fc00::126:25]:389"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "ldap_chpass_uri, ldap_chpass_backup_uri (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"should connect in the order of preference to change the password of a user. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Refer to the <quote>FAILOVER</quote> section for more information on "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"failover and server redundancy."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "To enable service discovery ldap_chpass_dns_service_name must be set."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"サービス discovery ldap_chpass_dns_service_name を有効にするには、設定する必"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: empty, i.e. ldap_uri is used."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 空、つまり ldap_uri が使用されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_search_base (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_search_base (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The default base DN to use for performing LDAP user operations."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "LDAP ユーザー操作を実行するために使用される初期ベース DN です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"SSSD 1.7.0 以降、SSSD は次の構文を使用して複数の検索ベースをサポートします:"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallaghermsgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallaghermsgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "範囲は \"base\", \"onelevel\" または \"subtree\" のどれかです。"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"The filter must be a valid LDAP search filter as specified by http://www."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"フィルターは http://www.ietf.org/rfc/rfc2254.txt により指定されたような有効"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"な LDAP 検索フィルターである必要があります。"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#: sss_override.8.xml:137 sss_override.8.xml:234
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallaghermsgid "Examples:"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"ldap_search_base = dc=example,dc=com (which is equivalent to) "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"ldap_search_base = dc=example,dc=com?subtree?"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_search_base = dc=example,dc=com (which is equivalent to) "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_search_base = dc=example,dc=com?subtree?"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"(host=thishost)?dc=example.com?subtree?"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"(host=thishost)?dc=example.com?subtree?"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"Note: It is unsupported to have multiple search bases which reference "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"identically-named objects (for example, groups with the same name in two "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"different search bases). This will lead to unpredictable behavior on client "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"Default: If not set, the value of the defaultNamingContext or namingContexts "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"attribute from the RootDSE of the LDAP server is used. If "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"defaultNamingContext does not exist or has an empty value namingContexts is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"used. The namingContexts attribute must have a single value with the DN of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the search base of the LDAP server to make this work. Multiple values are "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"not supported."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_schema (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_schema (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the Schema Type in use on the target LDAP server. Depending on "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the selected schema, the default attribute names retrieved from the servers "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"may vary. The way that some attributes are handled may also differ."
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "Four schema types are currently supported:"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "rfc2307"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "rfc2307"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "rfc2307bis"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "rfc2307bis"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"The main difference between these schema types is how group memberships are "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"recorded in the server. With rfc2307, group members are listed by name in "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"group members are listed by DN and stored in the <emphasis>member</emphasis> "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"attribute. The AD schema type sets the attributes to correspond with Active "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Directory 2008r2 values."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: rfc2307"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: rfc2307"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_default_bind_dn (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_default_bind_dn (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The default bind DN to use for performing LDAP operations."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "LDAP ユーザー操作を実行するために使用される初期バインド DN です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_default_authtok_type (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_default_authtok_type (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The type of the authentication token of the default bind DN."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期バインド DN の認証トークンの形式です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The two mechanisms currently supported are:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "現在 2 つのメカニズムがサポートされます:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "password"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "password"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "obfuscated_password"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "obfuscated_password"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: password"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: password"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_default_authtok (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_default_authtok (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The authentication token of the default bind DN. Only clear text passwords "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"are currently supported."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"デフォルトのバインド DN の認証トークンです。平文テキストのパスワードのみが現"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_object_class (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_object_class (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The object class of a user entry in LDAP."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "LDAP にあるユーザーエントリーのオブジェクトクラスです。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: posixAccount"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: posixAccount"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_name (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_name (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that corresponds to the user's login name."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーのログイン名に対応する LDAP の属性です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_uid_number (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_uid_number (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that corresponds to the user's id."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーの ID に対応する LDAP の属性です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: uidNumber"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: uidNumber"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_gid_number (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_gid_number (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that corresponds to the user's primary group id."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーのプライマリーグループ ID に対応する LDAP の属性です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: gidNumber"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: gidNumber"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "ldap_user_primary_group (string)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Active Directory primary group attribute for ID-mapping. Note that this "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"attribute should only be set manually if you are running the <quote>ldap</"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"quote> provider with ID mapping."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Default: unset (LDAP), primaryGroupID (AD)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_gecos (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_gecos (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that corresponds to the user's gecos field."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーの gecos 項目に対応する LDAP の属性です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: gecos"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: gecos"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_home_directory (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_home_directory (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that contains the name of the user's home directory."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーのホームディレクトリーの名前を含む LDAP の属性です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: homeDirectory"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: homeDirectory"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_shell (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_shell (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that contains the path to the user's default shell."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーの初期シェルのパスを含む LDAP の属性です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: loginShell"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: loginShell"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "ldap_user_uuid (string)"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_user_objectsid (string)"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "ldap_user_objectsid (文字列)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The LDAP attribute that contains the objectSID of an LDAP user object. This "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"is usually only necessary for ActiveDirectory servers."
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"LDAP ユーザーオブジェクトの objectSID を含む LDAP 属性です。これは通常 "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"ActiveDirectory サーバーに対してのみ必要です。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "Default: objectSid for ActiveDirectory, not set for other servers."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_modify_timestamp (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_modify_timestamp (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:980 sssd-ldap.5.xml:1203
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The LDAP attribute that contains timestamp of the last modification of the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"parent object."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "親オブジェクトの最終変更のタイムスタンプを含む LDAP 属性です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:984 sssd-ldap.5.xml:1210
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: modifyTimestamp"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: modifyTimestamp"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_shadow_last_change (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_shadow_last_change (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the last password change)."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> の対応部分(最終パスワード変更日)に対応する LDAP 属性の名前を"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: shadowLastChange"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: shadowLastChange"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_shadow_min (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_shadow_min (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"password age)."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> の対応部分(最小パスワード期限)に対応する LDAP 属性の名前を含"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: shadowMin"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: shadowMin"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_shadow_max (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_shadow_max (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"password age)."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> の対応部分(最大パスワード期限)に対応する LDAP 属性の名前を含"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: shadowMax"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: shadowMax"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_shadow_warning (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_shadow_warning (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"(password warning period)."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> の対応部分(パスワード警告期間)に対応する LDAP 属性の名前を含"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: shadowWarning"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: shadowWarning"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_shadow_inactive (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_shadow_inactive (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"(password inactivity period)."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> の対応部分(パスワード無効期間)に対応する LDAP 属性の名前を含"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: shadowInactive"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: shadowInactive"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_shadow_expire (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_shadow_expire (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"parameter contains the name of an LDAP attribute corresponding to its "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry> counterpart (account expiration date)."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_pwd_policy=shadow または ldap_account_expire_policy=shadow を使用するとき、このパラメーターは <citerefentry> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> の対応部分(アカウント失効日)に対応する LDAP 属性の名前を含み"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: shadowExpire"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: shadowExpire"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_krb_last_pwd_change (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_krb_last_pwd_change (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"an LDAP attribute storing the date and time of last password change in "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_pwd_policy=mit_kerberos を使用しているとき、このパラメーターは Kerberos "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"の最終パスワード変更日時を保存する LDAP 属性の名前を含みます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: krbLastPwdChange"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: krbLastPwdChange"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_krb_password_expiration (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_krb_password_expiration (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"an LDAP attribute storing the date and time when current password expires."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_pwd_policy=mit_kerberos を使用しているとき、このパラメーターは現在のパス"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ワード失効日時を保存する LDAP 属性の名前を含みます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: krbPasswordExpiration"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: krbPasswordExpiration"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_ad_account_expires (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_ad_account_expires (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_account_expire_policy=ad, this parameter contains the name "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"of an LDAP attribute storing the expiration time of the account."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_account_expire_policy=ad を使用するとき、このパラメーターはアカウントの"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"失効日時を保存する LDAP 属性の名前を含みます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: accountExpires"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: accountExpires"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_ad_user_account_control (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_ad_user_account_control (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_account_expire_policy=ad, this parameter contains the name "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"of an LDAP attribute storing the user account control bit field."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_account_expire_policy=ad を使用するとき、このパラメーターはユーザーアカ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ウントの制御ビット項目を保存する LDAP 属性の名前を含みます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: userAccountControl"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: userAccountControl"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_ns_account_lock (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_ns_account_lock (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"determines if access is allowed or not."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_account_expire_policy=rhds または同等のものを使用するとき、このパラメー"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ターがアクセスが許可されるかされないかを決定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: nsAccountLock"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: nsAccountLock"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_nds_login_disabled (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_nds_login_disabled (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_account_expire_policy=nds, this attribute determines if "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"access is allowed or not."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_account_expire_policy=nds を使用するとき、アクセスが許可されるかされない"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"かをこの属性が決定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: loginDisabled"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: loginDisabled"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_nds_login_expiration_time (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_nds_login_expiration_time (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_account_expire_policy=nds, this attribute determines until "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"which date access is granted."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_account_expire_policy=nds を使用しているとき、この属性はどの日付までア"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"クセスが許可されるのかを決定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_nds_login_allowed_time_map (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_nds_login_allowed_time_map (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using ldap_account_expire_policy=nds, this attribute determines the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"hours of a day in a week when access is granted."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_account_expire_policy=nds を使用しているとき、この属性はアクセスが許可さ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"れるときの一週間の日の時間を決定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: loginAllowedTimeMap"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: loginAllowedTimeMap"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_principal (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_principal (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The LDAP attribute that contains the user's Kerberos User Principal Name "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーの Kerberos User Principal Name (UPN) を含む LDAP 属性です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: krbPrincipalName"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: krbPrincipalName"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ldap_user_extra_attrs (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"usual set of user attributes."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The list can either contain LDAP attribute names only, or colon-separated "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"LDAP attribute name is specified, the attribute is saved to the cache "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"verbatim. Using a custom SSSD attribute name might be required by "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"environments that configure several SSSD domains with different LDAP schemas."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Please note that several attribute names are reserved by SSSD, notably the "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<quote>name</quote> attribute. SSSD would report an error if any of the "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"reserved attribute names is used as an extra attribute name."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ldap_user_extra_attrs = telephoneNumber"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<quote>telephoneNumber</quote> to the cache."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ldap_user_extra_attrs = phone:telephoneNumber"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"quote> to the cache."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ldap_user_ssh_public_key (string)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "ldap_user_ssh_public_key (文字列)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "The LDAP attribute that contains the user's SSH public keys."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "ユーザーの SSH 公開鍵を含む LDAP 属性です。"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Default: sshPublicKey"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ldap_force_upper_case_realm (boolean)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "ldap_force_upper_case_realm (論理値)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Some directory servers, for example Active Directory, might deliver the "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"realm part of the UPN in lower case, which might cause the authentication to "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"fail. Set this option to a non-zero value if you want to use an upper-case "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"いくつかのディレクトリーサーバー、たとえば Active Directory は、UPN のレルム部"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"分を小文字で返すことがあり、それにより認証が失敗する可能性があります。大文字の"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"レルムを使用したい場合、このオプションを 0 以外の値に設定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_enumeration_refresh_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_enumeration_refresh_timeout (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallagher"Specifies how many seconds SSSD has to wait before refreshing its cache of "
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallagher"enumerated records."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"SSSD が列挙レコードのキャッシュを更新する前に待つ必要がある秒数を指定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallaghermsgid "ldap_purge_cache_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_purge_cache_timeout (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Determine how often to check the cache for inactive entries (such as groups "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"with no members and users who have never logged in) and remove them to save "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"使用していないエントリー(メンバーのいないグループやログインしたことがない"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ユーザーなど)に対してキャッシュを確認して、保存領域を節約するためにそれらを"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Setting this option to zero will disable the cache cleanup operation. Please "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"note that if enumeration is enabled, the cleanup task is required in order "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"to detect entries removed from the server and can't be disabled. By default, "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"the cleanup task will run every 3 hours with enumeration enabled."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_fullname (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_fullname (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that corresponds to the user's full name."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーの完全名に対応する LDAP 属性です。"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1235
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:2394 sssd-ipa.5.xml:607
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: cn"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: cn"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_member_of (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_member_of (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that lists the user's group memberships."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーが所属するグループを一覧にする LDAP 属性です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: memberOf"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: memberOf"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_authorized_service (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_authorized_service (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"use the presence of the authorizedService attribute in the user's LDAP entry "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"to determine access privilege."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"もし access_provider=ldap かつ ldap_access_order=authorized_service ならば、"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"SSSD はアクセス権限を決定するために、ユーザーの LDAP エントリーにある "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"authorizedService 属性の存在を使用します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"explicit allow (svc) and finally for allow_all (*)."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"明示的な拒否 (!svc) が始めに解決されます。次に SSSD は明示的な許可 (svc) を検"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"索します。最後にすべて許可 (*) を検索します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"Please note that the ldap_access_order configuration option <emphasis>must</"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"emphasis> include <quote>authorized_service</quote> in order for the "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"ldap_user_authorized_service option to work."
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: authorizedService"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: authorizedService"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_authorized_host (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_authorized_host (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"presence of the host attribute in the user's LDAP entry to determine access "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"access_provider=ldap かつ ldap_access_order=host ならば、 SSSD はアクセス権限"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"を決めるために、ユーザーの LDAP エントリーにあるホスト属性の存在を使用しま"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"An explicit deny (!host) is resolved first. Second, SSSD searches for "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"explicit allow (host) and finally for allow_all (*)."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"明示的な拒否 (!host) がまず解決されます。次に SSSD が明示的な許可 (host) を検"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"索します。最後にすべて許可 (*) が検索されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"Please note that the ldap_access_order configuration option <emphasis>must</"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"emphasis> include <quote>host</quote> in order for the "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"ldap_user_authorized_host option to work."
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: host"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: host"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "ldap_user_authorized_host (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "ldap_user_authorized_rhost (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "ldap_user_authorized_rhost (文字列)"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "If access_provider=ldap and ldap_access_order=host, SSSD will use the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "presence of the host attribute in the user's LDAP entry to determine "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "access privilege."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"presence of the rhost attribute in the user's LDAP entry to determine access "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"privilege. Similarly to host verification process."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"access_provider=ldap かつ ldap_access_order=rhost ならば、 SSSD はアクセス権限"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"を決めるために、ユーザーの LDAP エントリーにある rhost 属性の存在を使用しま"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"す。ホストの検証処理と同様です。"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "An explicit deny (!host) is resolved first. Second, SSSD searches for "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "explicit allow (host) and finally for allow_all (*)."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"explicit allow (rhost) and finally for allow_all (*)."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"明示的な拒否 (!rhost) がまず解決されます。次に SSSD が明示的な許可 (rhost) を"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"検索します。最後にすべて許可 (*) が検索されます。"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Please note that the ldap_access_order configuration option <emphasis>must</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"emphasis> include <quote>rhost</quote> in order for the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"ldap_user_authorized_rhost option to work."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "Default: host"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: rhost"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "初期値: rhost"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "ldap_user_certificate (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Name of the LDAP attribute containing the X509 certificate of the user."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "Default: filter"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: userCertificate;binary"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "初期値: userCertificate;binary"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozekmsgid "ldap_user_email (string)"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozekmsgid "Name of the LDAP attribute containing the email address of the user."
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"Note: If an email address of a user conflicts with an email address or fully "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"qualified name of another user, then SSSD will not be able to serve those "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"users properly. If for some reason several users need to share the same "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"email address then set this option to a nonexistent attribute name in order "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"to disable user lookup/login by email."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozekmsgid "Default: mail"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_group_object_class (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_group_object_class (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The object class of a group entry in LDAP."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "LDAP にあるグループエントリーのオブジェクトクラスです。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: posixGroup"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: posixGroup"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_group_name (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_group_name (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that corresponds to the group name."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "グループ名に対応する LDAP 属性です。"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_group_gid_number (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_group_gid_number (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that corresponds to the group's id."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "グループの ID に対応する LDAP 属性です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_group_member (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_group_member (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that contains the names of the group's members."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "グループのメンバーの名前を含む LDAP の属性です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: memberuid (rfc2307) / member (rfc2307bis)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "ldap_group_uuid (string)"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_group_objectsid (string)"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "ldap_group_objectsid (文字列)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The LDAP attribute that contains the objectSID of an LDAP group object. This "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"is usually only necessary for ActiveDirectory servers."
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"LDAP グループオブジェクトの objectSID を含む LDAP 属性です。これは通常 "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"ActiveDirectory サーバーに対してのみ必要です。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_group_modify_timestamp (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_group_modify_timestamp (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ldap_group_type (integer)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The LDAP attribute that contains an integer value indicating the type of the "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"group and maybe other flags."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"This attribute is currently only used by the AD provider to determine if a "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"group is a domain local groups and has to be filtered out for trusted "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Default: groupType in the AD provider, otherwise not set"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ldap_group_external_member (string)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"The LDAP attribute that references group members that are defined in an "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"external domain. At the moment, only IPA's external members are supported."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_group_nesting_level (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_group_nesting_level (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If ldap_schema is set to a schema format that supports nested groups (e.g. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"RFC2307bis), then this option controls how many levels of nesting SSSD will "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"follow. This option has no effect on the RFC2307 schema."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_schema が入れ子グループをサポートするスキーマ形式 (例: RFC2307bis) に設"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"定されていると、このオプションは SSSD がたどる入れ子のレベル数を制御します。こ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"のオプションは RFC2307 スキーマにおいて効果がありません。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"Note: This option specifies the guaranteed level of nested groups to be "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"processed for any lookup. However, nested groups beyond this limit "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<emphasis>may be</emphasis> returned if previous lookups already resolved "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"the deeper nesting levels. Also, subsequent lookups for other groups may "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"enlarge the result set for original lookup if re-queried."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"at all. However, when connected to Active-Directory Server 2008 and later "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"using <quote>id_provider=ad</quote> it is furthermore required to disable "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"restrict group nesting."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 2"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 2"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "ldap_groups_use_matching_rule_in_chain"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "ldap_groups_use_matching_rule_in_chain"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"This option tells SSSD to take advantage of an Active Directory-specific "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"feature which may speed up group lookup operations on deployments with "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"complex or deep nested groups."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"In most common cases, it is best to leave this option disabled. It generally "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"only provides a performance increase on very complex nestings."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"If this option is enabled, SSSD will use it if it detects that the server "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"supports it during initial connection. So \"True\" here essentially means "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"\"auto-detect\"."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"Note: This feature is currently known to work only with Active Directory "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> "
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"for more details."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "ldap_initgroups_use_matching_rule_in_chain"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "ldap_initgroups_use_matching_rule_in_chain"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"This option tells SSSD to take advantage of an Active Directory-specific "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"feature which might speed up initgroups operations (most notably when "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"dealing with complex or deep nested groups)."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"This options enables or disables use of Token-Groups attribute when "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"performing initgroup for users from Active Directory Server 2008 and later."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "Default: True for AD and IPA otherwise False."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_netgroup_object_class (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_netgroup_object_class (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The object class of a netgroup entry in LDAP."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "LDAP にあるネットワークグループエントリーのオブジェクトクラスです。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "In IPA provider, ipa_netgroup_object_class should be used instead."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"IPA プロバイダーにおいては ipa_netgroup_object_class が代わりに使用されます。"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: nisNetgroup"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: nisNetgroup"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_netgroup_name (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_netgroup_name (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that corresponds to the netgroup name."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ネットワークグループ名に対応する LDAP 属性です。"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "In IPA provider, ipa_netgroup_name should be used instead."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "IPA プロバイダーにおいては ipa_netgroup_name が代わりに使用されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_netgroup_member (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_netgroup_member (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The LDAP attribute that contains the names of the netgroup's members."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ネットワークグループのメンバーの名前を含む LDAP 属性です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "In IPA provider, ipa_netgroup_member should be used instead."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"IPA プロバイダーにおいては ipa_netgroup_member が代わりに使用されます。"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: memberNisNetgroup"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: memberNisNetgroup"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_netgroup_triple (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_netgroup_triple (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The LDAP attribute that contains the (host, user, domain) netgroup triples."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ネットワークグループの三つ組(ホスト、ユーザー、ドメイン)を含む LDAP 属性で"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "This option is not available in IPA provider."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: nisNetgroupTriple"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: nisNetgroupTriple"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_netgroup_modify_timestamp (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_netgroup_modify_timestamp (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "ldap_user_object_class (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_host_object_class (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ldap_host_object_class (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "The object class of a user entry in LDAP."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "The object class of a host entry in LDAP."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "LDAP にあるホストエントリーのオブジェクトクラスです。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipService"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: ipService"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "ad_hostname (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_host_name (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ldap_host_name (文字列)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "The LDAP attribute that corresponds to the group name."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "The LDAP attribute that corresponds to the host's name."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ホスト名に対応する LDAP 属性です。"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "ldap_sudo_hostnames (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_host_fqdn (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ldap_host_fqdn (文字列)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "The LDAP attribute that corresponds to the user's full name."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"The LDAP attribute that corresponds to the host's fully-qualified domain "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ホストの完全修飾ドメイン名に対応する LDAP 属性です。"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "Default: cn"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "Default: fqdn"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "初期値: fqdn"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "ldap_dns_service_name (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_host_serverhostname (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ldap_host_serverhostname (文字列)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "Default: sudoHost"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "Default: serverHostname"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "初期値: serverHostname"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "ldap_user_member_of (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_host_member_of (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ldap_host_member_of (文字列)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "The LDAP attribute that lists the user's group memberships."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "The LDAP attribute that lists the host's group memberships."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ホストのグループメンバーを一覧にする LDAP 属性です。"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "ipa_host_search_base (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_host_search_base (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ldap_host_search_base (文字列)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "Optional. Use the given string as search base for host objects."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"オプションです。ホストオブジェクトの検索ベースとして与えられた文字列を使用し"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1287 sssd-ipa.5.xml:359 sssd-ipa.5.xml:378
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"See <quote>ldap_search_base</quote> for information about configuring "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"multiple search bases."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"複数の検索ベースを設定することの詳細は <quote>ldap_search_base</quote> を参照"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1292 sssd-ipa.5.xml:364 include/ldap_search_bases.xml:27
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "初期値: <emphasis>ldap_search_base</emphasis> の値"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "ldap_user_ssh_public_key (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_host_ssh_public_key (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ldap_host_ssh_public_key (文字列)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "The LDAP attribute that contains the user's SSH public keys."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "The LDAP attribute that contains the host's SSH public keys."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ホストの SSH 公開鍵を含む LDAP 属性です。"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "ldap_sasl_authid (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_host_uuid (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ldap_host_uuid (文字列)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "The LDAP attribute that contains the port managed by this service."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "LDAP ホストオブジェクトの UUID/GUID を含む LDAP 属性です。"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_service_object_class (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ldap_service_object_class (文字列)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "The object class of a service entry in LDAP."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "LDAP にあるサービスエントリーのオブジェクトクラスです。"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_service_name (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_service_name (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that contains the name of service attributes and their "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "サービス属性の名前とそのエイリアスを含む LDAP 属性です。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_service_port (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_service_port (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that contains the port managed by this service."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "このサービスにより管理されるポートを含む LDAP 属性です。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipServicePort"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: ipServicePort"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_service_proto (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_service_proto (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that contains the protocols understood by this service."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "このサービスにより認識されるプロトコルを含む LDAP 属性です。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: ipServiceProtocol"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: ipServiceProtocol"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_service_search_base (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_service_search_base (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_search_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_search_timeout (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the timeout (in seconds) that ldap searches are allowed to run "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"before they are cancelled and cached results are returned (and offline mode "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Note: this option is subject to change in future versions of the SSSD. It "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"will likely be replaced at some point by a series of timeouts for specific "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"lookup types."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"注: このオプションは SSSD の将来のバージョンにおいて変更される可能性がありま"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"す。特定の種類の検索のために一連のタイムアウトによりある時点に置き換えられる"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_enumeration_search_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_enumeration_search_timeout (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the timeout (in seconds) that ldap searches for user and group "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"enumerations are allowed to run before they are cancelled and cached results "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"are returned (and offline mode is entered)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_network_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_network_timeout (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the timeout (in seconds) after which the <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry> following a <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry> returns in case of no activity."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry> <refentrytitle>connect</refentrytitle> <manvolnum>2</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum> </citerefentry> に続けて <citerefentry> <refentrytitle>poll</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/<citerefentry> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<refentrytitle>select</refentrytitle> <manvolnum>2</manvolnum> </"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> が未使用を返した後のタイムアウト(秒単位)を指定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_opt_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_opt_timeout (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"will abort if no response is received. Also controls the timeout when "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"operation, password change extended operation and the StartTLS operation."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "ldap_connection_expire_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_connection_expire_timeout (整数)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"maintained. After this time, the connection will be re-established. If used "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"the TGT lifetime) will be used."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Default: 900 (15 minutes)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 900 (15 分)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_page_size (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_page_size (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specify the number of records to retrieve from LDAP in a single request. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Some LDAP servers enforce a maximum limit per-request."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"1 回の要求で LDAP から取得するレコード数を指定します。いくつかの LDAP サー"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"バーは 1 要求あたりの最大数の制限を強制します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 1000"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 1000"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_disable_paging (boolean)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "ldap_disable_paging (論理値)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Disable the LDAP paging control. This option should be used if the LDAP "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"server reports that it supports the LDAP paging control in its RootDSE but "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"it is not enabled or does not behave properly."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"LDAP ページング制御を無効にします。LDAP サーバーがその RootDSE において LDAP "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ページング制御をサポートするが、有効化されていない、もしくは正しく動作しない"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ことを報告する場合に、このオプションが使用されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Example: OpenLDAP servers with the paging control module installed on the "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"server but not enabled will report it in the RootDSE but be unable to use it."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"例: サーバーにページング制御モジュールがインストールされているが、RootDSE に"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"おいて有効化されていないと報告され、それを使用できない OpenLDAP サーバーで"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Example: 389 DS has a bug where it can only support a one paging control at "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"a time on a single connection. On busy clients, this can result in some "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"requests being denied."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"例: 389 DS には、単一の接続において同時に 1 つのページング制御のみをサポートするというバグがあります。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"負荷の高いクライアントにおいては、いくつかの要求が拒否される結果になる可能性"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozekmsgid "ldap_disable_range_retrieval (boolean)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "ldap_disable_range_retrieval (論理値)"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozekmsgid "Disable Active Directory range retrieval."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "Active Directory の範囲の取得を無効化します。"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"Active Directory limits the number of members to be retrieved in a single "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"group contains more members, the reply would include an AD-specific range "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"extension. This option disables parsing of the range extension, therefore "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"large groups will appear as having no members."
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_sasl_minssf (integer)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "ldap_sasl_minssf (整数)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"When communicating with an LDAP server using SASL, specify the minimum "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"security level necessary to establish the connection. The values of this "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"option are defined by OpenLDAP."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: Use the system default (usually specified by ldap.conf)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_deref_threshold (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_deref_threshold (整数)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"Specify the number of group members that must be missing from the internal "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"cache in order to trigger a dereference lookup. If less members are missing, "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"they are looked up individually."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"You can turn off dereference lookups completely by setting the value to 0."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"A dereference lookup is a means of fetching all group members in a single "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"LDAP call. Different LDAP servers may implement different dereference "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"filter, then the dereference lookup performance enhancement will be disabled "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"regardless of this setting."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_tls_reqcert (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_tls_reqcert (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies what checks to perform on server certificates in a TLS session, if "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"any. It can be specified as one of the following values:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"TLS セッションにおいてサーバー証明書に対して実行するチェックを (もしあれば) 指定し"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ます。以下の値のうち 1 つを指定できます:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>never</emphasis> = The client will not request or check any server "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>never</emphasis> = クライアントがすべてのサーバー証明書を要求または"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>allow</emphasis> = The server certificate is requested. If no "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"certificate is provided, the session proceeds normally. If a bad certificate "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"is provided, it will be ignored and the session proceeds normally."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>allow</emphasis> = サーバー証明書が要求されます。証明書が提供されな"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ければ、セッションが通常通り進められます。不正な証明書が提供されると、それは"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"無視され、セッションが通常通り進められます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>try</emphasis> = The server certificate is requested. If no "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"certificate is provided, the session proceeds normally. If a bad certificate "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"is provided, the session is immediately terminated."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>try</emphasis> = サーバー証明書が要求されます。証明書が提供されなけ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"れば、セッションが通常通り進められます。不正な証明書が提供されると、セッショ"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>demand</emphasis> = The server certificate is requested. If no "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"certificate is provided, or a bad certificate is provided, the session is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"immediately terminated."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>demand</emphasis> = サーバー証明書が要求されます。証明書が提供され"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: hard"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: hard"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_tls_cacert (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_tls_cacert (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the file that contains certificates for all of the Certificate "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Authorities that <command>sssd</command> will recognize."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sssd</command> が認識するすべての認証局に対する証明書を含むファイルを"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"指定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1641 sssd-ldap.5.xml:1659 sssd-ldap.5.xml:1700
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"conf</filename>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"初期値: OpenLDAP の初期値の使用、一般的に <filename>/etc/openldap/ldap.conf</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"filename> にあります"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_tls_cacertdir (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_tls_cacertdir (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the path of a directory that contains Certificate Authority "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"certificates in separate individual files. Typically the file names need to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"be the hash of the certificate followed by '.0'. If available, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>cacertdir_rehash</command> can be used to create the correct names."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"個別のファイルに CA 証明書を含むディレクトリーのパスを指定します。一般的に"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ファイル名は '.0' で終わる証明書のハッシュである必要があります。利用可能なら"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ば、<command>cacertdir_rehash</command> は正しい名前を作成するために使用でき"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_tls_cert (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_tls_cert (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Specifies the file that contains the certificate for the client's key."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "クライアントのキーに対する証明書を含むファイルを指定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_tls_key (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_tls_key (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Specifies the file that contains the client's key."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "クライアントのキーを含むファイルを指定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_tls_cipher_suite (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_tls_cipher_suite (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Specifies acceptable cipher suites. Typically this is a colon separated "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<manvolnum>5</manvolnum></citerefentry> for format."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_id_use_start_tls (boolean)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_id_use_start_tls (論理値)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies that the id_provider connection must also use <systemitem class="
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"\"protocol\">tls</systemitem> to protect the channel."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"id_provider 接続も、チャネルを保護するために <systemitem class=\"protocol\">tls</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"systemitem> を使用する必要があることを指定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_id_mapping (boolean)"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "ldap_id_mapping (論理値)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specifies that SSSD should attempt to map user and group IDs from the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"on ldap_user_uid_number and ldap_group_gid_number."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Currently this feature supports only ActiveDirectory objectSID mapping."
bf9abef629707167d39fcc92ec9c18a6244b27b8Jakub Hrozek"この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "ldap_min_id, ldap_max_id (integer)"
e0882baf3b0174cd5c34d593442f66bf6ff75261Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e0882baf3b0174cd5c34d593442f66bf6ff75261Jakub Hrozek"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
e0882baf3b0174cd5c34d593442f66bf6ff75261Jakub Hrozek"set to true the allowed ID range for ldap_user_uid_number and "
e0882baf3b0174cd5c34d593442f66bf6ff75261Jakub Hrozek"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this "
e0882baf3b0174cd5c34d593442f66bf6ff75261Jakub Hrozek"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id "
e0882baf3b0174cd5c34d593442f66bf6ff75261Jakub Hrozek"can be set to restrict the allowed range for the IDs which are read directly "
e0882baf3b0174cd5c34d593442f66bf6ff75261Jakub Hrozek"from the server. Sub-domains can then pick other ranges to map IDs."
e0882baf3b0174cd5c34d593442f66bf6ff75261Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e0882baf3b0174cd5c34d593442f66bf6ff75261Jakub Hrozekmsgid "Default: not set (both options are set to 0)"
e0882baf3b0174cd5c34d593442f66bf6ff75261Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_sasl_mech (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_sasl_mech (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"使用する SASL メカニズムを指定します。現在 GSSAPI のみがテストされサポートさ"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_sasl_authid (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_sasl_authid (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specify the SASL authorization id to use. When GSSAPI is used, this "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"represents the Kerberos principal used for authentication to the directory. "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"This option can either contain the full principal (for example host/"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgid "Default: host/hostname@REALM"
bf9abef629707167d39fcc92ec9c18a6244b27b8Jakub Hrozekmsgstr "初期値: host/hostname@REALM"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "ldap_sasl_realm (string)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "ldap_sasl_realm (文字列)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"Specify the SASL realm to use. When not specified, this option defaults to "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"well, this option is ignored."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "Default: the value of krb5_realm."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "初期値: krb5_realm の値"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_sasl_canonicalize (boolean)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_sasl_canonicalize (論理値)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If set to true, the LDAP library would perform a reverse lookup to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"canonicalize the host name during a SASL bind."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"真に設定されていると、 LDAP ライブラリーは SASL バインド中にホスト名を正規化"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"するために逆引きを実行します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: false;"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: false;"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_krb5_keytab (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_krb5_keytab (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Specify the keytab to use when using SASL/GSSAPI."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "SASL/GSSAPI を使用するときに使用するキーテーブルを指定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_krb5_init_creds (boolean)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_krb5_init_creds (論理値)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies that the id_provider should init Kerberos credentials (TGT). This "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"action is performed only if SASL is used and the mechanism selected is "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"id_provider が Kerberos クレディンシャル (TGT) を初期化することを指定します。この操"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"作は、 SASL が使用され、選択されたメカニズムが GSSAPI である場合のみ実行され"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_krb5_ticket_lifetime (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_krb5_ticket_lifetime (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "GSSAPI が使用されている場合、TGT の有効期間を秒単位で指定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: 86400 (24 hours)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 86400 (24 時間)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "krb5_server, krb5_backup_server (string)"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "krb5_server, krb5_backup_server (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the comma-separated list of IP addresses or hostnames of the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Kerberos servers to which SSSD should connect in the order of preference. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For more information on failover and server redundancy, see the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"colon) may be appended to the addresses or hostnames. If empty, service "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"discovery is enabled - for more information, refer to the <quote>SERVICE "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"DISCOVERY</quote> section."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When using service discovery for KDC or kpasswd servers, SSSD first searches "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"none are found."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"KDC または kpasswd サーバーに対してサービス検索を使用するとき、SSSD はまずプ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ロトコルとして _udp を指定する DNS エントリーを検索して、何も見つからなけれ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ば _tcp にフォールバックします。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"While the legacy name is recognized for the time being, users are advised to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"migrate their config files to use <quote>krb5_server</quote> instead."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"このオプションは以前の SSSD において <quote>krb5_kdcip</quote> という名前でし"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"た。古い名前がしばらく認められる間、ユーザーは代わりに <quote>krb5_server</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"quote> を使用するよう設定ファイルを移行することが推奨されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1888 sssd-ipa.5.xml:428 sssd-krb5.5.xml:103
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_realm (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "krb5_realm (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "(SASL/GSSAPI 認証向け) Kerberos レルムを指定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallaghermsgid "krb5_canonicalize (boolean)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "krb5_canonicalize (論理値)"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"Specifies if the host principal should be canonicalized when connecting to "
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher"LDAP server. This feature is available with MIT Kerberos >= 1.7"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"LDAP サーバーに接続するとき、ホストのプリンシパルが正規化されるかどうかを指定"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"します。この機能は MIT Kerberos >= 1.7 で利用可能です。"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozekmsgid "krb5_use_kdcinfo (boolean)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "krb5_use_kdcinfo (論理値)"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek"which KDCs to use. This option is on by default, if you disable it, you need "
0172959f117b545c8a6b1893f5f56818d82dd624Jakub Hrozek"to configure the Kerberos library using the <citerefentry> "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"citerefentry> configuration file."
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"information on the locator plugin."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"位置情報プラグインの詳細は <citerefentry> "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"manvolnum> </citerefentry> マニュアルページを参照ください。"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_pwd_policy (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_pwd_policy (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Select the policy to evaluate the password expiration on the client side. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The following values are allowed:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"クライアント側においてパスワード期限切れを評価するためのポリシーを選択しま"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"す。以下の値が許容されます:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>none</emphasis> - No evaluation on the client side. This option "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"cannot disable server-side password policies."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>none</emphasis> - クライアント側において評価しません。このオプショ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ンはサーバー側のパスワードポリシーを無効にできません。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"evaluate if the password has expired."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>shadow</emphasis> - パスワードが失効したかを評価するために "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum></citerefentry> 形式の属性を使用します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"to determine if the password has expired. Use chpass_provider=krb5 to update "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"these attributes when the password is changed."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>mit_kerberos</emphasis> - パスワードが期限切れしているかを決定する"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ために MIT Kerberos により使用される属性を使用します。パスワードが変更される"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"とき、これらの属性を更新するために chpass_provider=krb5 を使用します。"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>Note</emphasis>: if a password policy is configured on server "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"side, it always takes precedence over policy set with this option."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_referrals (boolean)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_referrals (論理値)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Specifies whether automatic referral chasing should be enabled."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "自動参照追跡が有効化されるかを指定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please note that sssd only supports referral chasing when it is compiled "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"with OpenLDAP version 2.4.13 or higher."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"sssd は OpenLDAP バージョン 2.4.13 以降とともにコンパイルされている場合にの"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"み、参照追跡をサポートすることに注意してください。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Chasing referrals may incur a performance penalty in environments that use "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"them heavily, a notable example is Microsoft Active Directory. If your setup "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"does not in fact require the use of referrals, setting this option to false "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"might bring a noticeable performance improvement."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_dns_service_name (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_dns_service_name (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Specifies the service name to use when service discovery is enabled."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"サービス検索が有効にされているときに使用するサービスの名前を指定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: ldap"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: ldap"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_chpass_dns_service_name (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_chpass_dns_service_name (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the service name to use to find an LDAP server which allows "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"password changes when service discovery is enabled."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"サービス検索が有効にされているときに、パスワード変更を許可する LDAP サーバー"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"を検索するために使用するサービスの名前を指定します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: not set, i.e. service discovery is disabled"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 設定されていません、つまりサービス検索が無効にされています"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "ldap_chpass_update_last_change (bool)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "ldap_chpass_update_last_change (論理値)"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"Specifies whether to update the ldap_user_shadow_last_change attribute with "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"days since the Epoch after a password change operation."
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_access_filter (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_access_filter (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"If using access_provider = ldap and ldap_access_order = filter (default), "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"this option is mandatory. It specifies an LDAP search filter criteria that "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"must be met for the user to be granted access on this host. If "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"access_provider = ldap, ldap_access_order = filter and this option is not "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"set, it will result in all users being denied access. Use access_provider = "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"permit to change this default behavior. Please note that this filter is "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"applied on the LDAP user entry only and thus filtering based on nested "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"groups may not work (e.g. memberOf attribute on AD entries points only to "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"direct parents). If filtering based on nested groups is required, please see "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"manvolnum> </citerefentry>."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Example:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"access_provider = ldap\n"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"ldap_access_filter = (employeeType=admin)\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"This example means that access to this host is restricted to users whose "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"employeeType attribute is set to \"admin\"."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Offline caching for this feature is limited to determining whether the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"user's last online login was granted access permission. If they were granted "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"access during their last login, they will continue to be granted access "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"while offline and vice versa."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: Empty"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 空白"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_account_expire_policy (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_account_expire_policy (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"With this option a client side evaluation of access control attributes can "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"このオプションを使用すると、アクセス制御属性のクライアント側評価が有効になり"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please note that it is always recommended to use server side access control, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"i.e. the LDAP server should deny the bind request with a suitable error code "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"even if the password is correct."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"必ずサーバー側のアクセス制御を使用することが推奨されることに注意してくださ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"い。つまり、パスワードが正しいときさえ、適切なエラーコードでバインド要求を拒"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The following values are allowed:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "以下の値が許可されます:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"determine if the account is expired."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>shadow</emphasis>: アカウントが失効しているかを決めるために "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_user_shadow_expire の値を使用します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>ad</emphasis>: use the value of the 32bit field "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"ldap_user_ad_user_account_control and allow access if the second bit is not "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"set. If the attribute is missing access is granted. Also the expiration time "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"of the account is checked."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"emphasis>: use the value of ldap_ns_account_lock to check if access is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"allowed or not."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"emphasis>: アクセスが許可されるかされないかを確認するために "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_ns_account_lock の値を使用します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>nds</emphasis>: the values of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If both attributes are missing access is granted."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>nds</emphasis>: アクセスが許可されるかを確認するために "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled および "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ldap_user_nds_login_expiration_time の値が使用されます。どの値もなければ、ア"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"Please note that the ldap_access_order configuration option <emphasis>must</"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"emphasis> include <quote>expire</quote> in order for the "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"ldap_account_expire_policy option to work."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_access_order (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_access_order (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Comma separated list of access control options. Allowed values are:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>filter</emphasis>: use ldap_access_filter"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<emphasis>lockout</emphasis>: use account locking. If set, this option "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Please note that 'access_provider = ldap' must be set for this feature to "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"quote> option and might be removed in a future release. </emphasis>"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"and has value of '000001010000Z' or represents any time in the past. The "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"denotes the UTC time zone. Other time zones are not currently supported and "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"will result in \"access-denied\" when users attempt to log in. Please see "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"must be set for this feature to work."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"interested in being warned that password is about to expire and "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"authentication is based on using a different method than passwords - for "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"example SSH keys."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"The difference between these options is the action taken if user password is "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"expired: pwd_expire_policy_reject - user is denied to log in, "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"pwd_expire_policy_warn - user is still able to log in, "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"pwd_expire_policy_renew - user is prompted to change his password "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"immediately."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Note If user password is expired no explicit message is prompted by SSSD."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Please note that 'access_provider = ldap' must be set for this feature to "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"to determine access"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>authorized_service</emphasis>: アクセス権を決定するために "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"authorizedService 属性を使用します"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>host</emphasis>: use the host attribute to determine access"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<emphasis>host</emphasis>: use the host attribute to determine access"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"remote host can access"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<emphasis>rhost</emphasis>: リモートホストがアクセスできるかを決めるために rhost 属性を使用します"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Please note, rhost field in pam is set by application, it is better to check "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"what the application sends to pam, before enabling this access control option"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: filter"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: filter"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please note that it is a configuration error if a value is used more than "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "値が複数使用されていると設定エラーになることに注意してください。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ldap_pwdlockout_dn (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"This option specifies the DN of password policy entry on LDAP server. Please "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"note that absence of this option in sssd.conf in case of enabled account "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"lockout checking will yield access denied as ppolicy attributes on LDAP "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"server cannot be checked properly."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_deref (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_deref (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies how alias dereferencing is done when performing a search. The "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"following options are allowed:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"検索を実行するときにどのように参照解決を実行するかを指定します。以下のオプ"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the base object, but not in locating the base object of the search."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>searching</emphasis>: エイリアスはベースオブジェクトの下位に参照解"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"決されますが、検索のベースオブジェクトの位置を探すときはされません。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the base object of the search."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>finding</emphasis>: エイリアスは検索のベースオブジェクトの位置を探"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"すときのみ参照解決されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"in locating the base object of the search."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>always</emphasis>: エイリアスは検索のベースオブジェクトを検索すると"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"きも位置を検索するときも参照解決されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"client libraries)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"初期値: 空白(LDAP クライアントライブラリにより <emphasis>never</emphasis> と"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "ldap_rfc2307_fallback_to_local_users (boolean)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "ldap_rfc2307_fallback_to_local_users (論理値)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"Allows to retain local users as members of an LDAP group for servers that "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"use the RFC2307 schema."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"In some environments where the RFC2307 schema is used, local users are made "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"members of LDAP groups by adding their names to the memberUid attribute. "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"The self-consistency of the domain is compromised when this is done, so SSSD "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"would normally remove the \"missing\" users from the cached group "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"memberships as soon as nsswitch tries to fetch information about the user "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"via getpw*() or initgroups() calls."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"This option falls back to checking if local users are referenced, and caches "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"them so that later initgroups() calls will augment the local users with the "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"additional LDAP groups."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#| msgid "ldap_opt_timeout (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "wildcard_limit (integer)"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgstr "wildcard_limit (整数)"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Specifies an upper limit on the number of entries that are downloaded during "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"a wildcard lookup."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "At the moment, only the InfoPipe responder supports wildcard lookups."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "Default: 1000 (often the size of one page)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"All of the common configuration options that apply to SSSD domains also "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry> manual page for full details. <placeholder type="
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"\"variablelist\" id=\"0\"/>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"SSSD ドメインに適用するすべての全体設定オプションを LDAP ドメインに適用しま"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"す。完全な詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ドメインセ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"クション</quote> を参照してください。 <placeholder type=\"variablelist\" id="
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "SUDO OPTIONS"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "SUDO オプション"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"The detailed instructions for configuration of sudo_provider are in the "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry>."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_object_class (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_sudorule_object_class (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The object class of a sudo rule entry in LDAP."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "LDAP にある sudo ルールエントリーのオブジェクトクラスです。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoRole"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: sudoRole"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_name (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_sudorule_name (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that corresponds to the sudo rule name."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sudo ルール名に対応する LDAP 属性です。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_command (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_sudorule_command (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that corresponds to the command name."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "コマンド名に対応する LDAP 属性です。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoCommand"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: sudoCommand"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_host (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_sudorule_host (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the host name (or host IP address, "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"host IP network, or host netgroup)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ホスト名(またはホスト IP アドレス、ホスト IP ネットワーク、ホストネットワー"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"クグループ)に対応する LDAP 属性です。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoHost"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: sudoHost"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_user (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_sudorule_user (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the user name (or UID, group name or "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"user's netgroup)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ユーザー名(または UID、グループ名、ユーザーのネットワークグループ)に対応す"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoUser"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: sudoUser"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_option (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_sudorule_option (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that corresponds to the sudo options."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sudo オプションに対応する LDAP 属性です。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoOption"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: sudoOption"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_runasuser (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_sudorule_runasuser (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the user name that commands may be "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "コマンドを実行するユーザー名に対応する LDAP 属性です。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoRunAsUser"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: sudoRunAsUser"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_runasgroup (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_sudorule_runasgroup (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the group name or group GID that "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"commands may be run as."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"コマンドを実行するグループ名またはグループの GID に対応する LDAP 属性です。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoRunAsGroup"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: sudoRunAsGroup"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_notbefore (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_sudorule_notbefore (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the start date/time for when the sudo "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"rule is valid."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sudo ルールが有効になる開始日時に対応する LDAP 属性です。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoNotBefore"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: sudoNotBefore"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_notafter (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_sudorule_notafter (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The LDAP attribute that corresponds to the expiration date/time, after which "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the sudo rule will no longer be valid."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"sudo ルールが有効ではなくなった後に、期限切れとなる日時に対応する LDAP 属性で"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoNotAfter"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: sudoNotAfter"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudorule_order (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_sudorule_order (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The LDAP attribute that corresponds to the ordering index of the rule."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ルールの並び替えインデックスに対応する LDAP 属性です。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Default: sudoOrder"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: sudoOrder"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ldap_sudo_full_refresh_interval (integer)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "ldap_sudo_full_refresh_interval (整数)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"How many seconds SSSD will wait between executing a full refresh of sudo "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"rules (which downloads all rules that are stored on the server)."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"値は <emphasis>ldap_sudo_smart_refresh_interval</emphasis> より大きい必要があ"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "Default: 21600 (6 hours)"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "初期値: 21600 (6 時間)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ldap_sudo_smart_refresh_interval (integer)"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "ldap_sudo_smart_refresh_interval (整数)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"How many seconds SSSD has to wait before executing a smart refresh of sudo "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"rules (which downloads all rules that have USN higher than the highest USN "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"of cached rules)."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"If USN attributes are not supported by the server, the modifyTimestamp "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"attribute is used instead."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ldap_sudo_use_host_filter (boolean)"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "ldap_sudo_use_host_filter (論理値)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"If true, SSSD will download only rules that are applicable to this machine "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"(using the IPv4 or IPv6 host/network addresses and hostnames)."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ldap_sudo_hostnames (string)"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "ldap_sudo_hostnames (文字列)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"Space separated list of hostnames or fully qualified domain names that "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"should be used to filter the rules."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ルールをフィルターするために使用されるホスト名または完全修飾ドメイン名の空白"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"If this option is empty, SSSD will try to discover the hostname and the "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"fully qualified domain name automatically."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:2584 sssd-ldap.5.xml:2607 sssd-ldap.5.xml:2625
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"emphasis> then this option has no effect."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<emphasis>ldap_sudo_use_host_filter</emphasis> が <emphasis>false</emphasis> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ならば、このオプションは効果を持ちません。"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "Default: not specified"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "初期値: 指定なし"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ldap_sudo_ip (string)"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "ldap_sudo_ip (文字列)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"Space separated list of IPv4 or IPv6 host/network addresses that should be "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"used to filter the rules."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ルールをフィルターするために使用される、IPv4 または IPv6 ホスト/ネットワーク"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"アドレスの空白区切り一覧です。"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"If this option is empty, SSSD will try to discover the addresses "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"automatically."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ldap_sudo_include_netgroups (boolean)"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "ldap_sudo_include_netgroups (論理値)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"If true then SSSD will download every rule that contains a netgroup in "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"sudoHost attribute."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ldap_sudo_include_regexp (boolean)"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "ldap_sudo_include_regexp (論理値)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"If true then SSSD will download every rule that contains a wildcard in "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"sudoHost attribute."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"This manual page only describes attribute name mapping. For detailed "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"explanation of sudo related attribute semantics, see <citerefentry> "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"citerefentry>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"このマニュアルページは属性名マッピングのみを説明します。 sudo に関連する属性"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"セマンティックの詳細な説明は <citerefentry> <refentrytitle>sudoers.ldap</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "AUTOFS OPTIONS"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "AUTOFS オプション"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Some of the defaults for the parameters below are dependent on the LDAP "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ldap_autofs_map_master_name (string)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "The name of the automount master map in LDAP."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Default: auto.master"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_map_object_class (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_autofs_map_object_class (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The object class of an automount map entry in LDAP."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "LDAP にある automount マップエントリーのオブジェクトクラスです。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozekmsgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_map_name (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_autofs_map_name (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "The name of an automount map entry in LDAP."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "LDAP における automount のマップエントリーの名前です。"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_entry_object_class (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_autofs_entry_object_class (文字列)"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"The object class of an automount entry in LDAP. The entry usually "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"corresponds to a mount point."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozekmsgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_entry_key (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_autofs_entry_key (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"The key of an automount entry in LDAP. The entry usually corresponds to a "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"LDAP にある automount エントリーのキーです。エントリーは一般的にマウントポイ"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozekmsgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_entry_value (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_autofs_entry_value (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"automountInformation"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ADVANCED OPTIONS"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "高度なオプション"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_netgroup_search_base (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_netgroup_search_base (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_user_search_base (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_user_search_base (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ldap_group_search_base (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_group_search_base (文字列)"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "<note>"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"against Active Directory will not be restricted and return all groups "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"memberships, even with no GID mapping. It is recommended to disable this "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"feature, if group names are not being displayed correctly."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "</note>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_sudo_search_base (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_sudo_search_base (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ldap_autofs_search_base (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ldap_autofs_search_base (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"These options are supported by LDAP domains, but they should be used with "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"caution. Please include them in your configuration only if you know what you "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"\"variablelist\" id=\"1\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "EXAMPLE"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The following example assumes that SSSD is correctly configured and LDAP is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"set to one of the domains in the <replaceable>[domains]</replaceable> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"以下の例は、SSSD が正しく設定され、LDAP が <replaceable>[domains]</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> セクションにあるドメインのどれかに設定されていると仮定していま"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"id_provider = ldap\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"auth_provider = ldap\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ldap_uri = ldap://ldap.mydomain.org\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ldap_search_base = dc=mydomain,dc=org\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ldap_tls_reqcert = demand\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"cache_credentials = true\n"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <refsect1><refsect2><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "<placeholder type=\"programlisting\" id=\"0\"/>"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "LDAP ACCESS FILTER EXAMPLE"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"The following example assumes that SSSD is correctly configured and to use "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"the ldap_access_order=lockout."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"id_provider = ldap\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"auth_provider = ldap\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"access_provider = ldap\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ldap_access_order = lockout\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ldap_uri = ldap://ldap.mydomain.org\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ldap_search_base = dc=mydomain,dc=org\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ldap_tls_reqcert = demand\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"cache_credentials = true\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The descriptions of some of the configuration options in this manual page "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"distribution."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"このマニュアルページにある設定オプションのいくつかの説明は、OpenLDAP 2.4 ディ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ストリビューションから <citerefentry> <refentrytitle>ldap.conf</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページに基"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "pam_sss"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "pam_sss"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "PAM module for SSSD"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "SSSD の PAM モジュール"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"choice='opt'> <replaceable>prompt_always</replaceable> </arg>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>pam_sss.so</command> is the PAM interface to the System Security "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"Services daemon (SSSD). Errors and results are logged through "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>pam_sss.so</command> は System Security Services daemon (SSSD) への "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"PAM インターフェースです。エラーと結果は <command>syslog(3)</command> を通し"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"て LOG_AUTHPRIV ファシリティでログ記録されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>quiet</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>quiet</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Suppress log messages for unknown users."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "不明なユーザーのログメッセージを抑制します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>forward_pass</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>forward_pass</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If <option>forward_pass</option> is set the entered password is put on the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"stack for other PAM modules to use."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>forward_pass</option> が設定されていると、他の PAM モジュールが使用す"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"るために、入力されたパスワードがスタックに置かれます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>use_first_pass</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>use_first_pass</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The argument use_first_pass forces the module to use a previous stacked "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"modules password and will never prompt the user - if no password is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"available or the password is not appropriate, the user will be denied access."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"引数 use_first_pass は強制的にモジュールが前にスタックされたモジュールのパス"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ワードを使用して、ユーザーに入力させません。パスワードが何も利用可能ではな"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"い、またはパスワードが適切でなければ、ユーザーがアクセスを拒否されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>use_authtok</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>use_authtok</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When password changing enforce the module to set the new password to the one "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"provided by a previously stacked password module."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"パスワードを変更するとき、前にスタックされたパスワードモジュールにより提供さ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"れたものを新しいパスワードとして設定するよう、モジュールに強制します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>retry=N</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>retry=N</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If specified the user is asked another N times for a password if "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"authentication fails. Default is 0."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"指定されていると、認証に失敗した場合にパスワードをあと N 回ユーザーに問い合わ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"せます。初期値は 0 です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please note that this option might not work as expected if the application "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"calling PAM handles the user dialog on its own. A typical example is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sshd</command> with <option>PasswordAuthentication</option>."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"PAM を呼び出すアプリケーションが自身でユーザーダイアログを処理する場合、この"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"オプションは期待どおりに動作しない可能性があります。典型的な例は "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<option>PasswordAuthentication</option> を用いた <command>sshd</command> で"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "<option>ignore_unknown_user</option>"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"If this option is specified and the user does not exist, the PAM module will "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"return PAM_IGNORE. This causes the PAM framework to ignore this module."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "<option>ignore_authinfo_unavail</option>"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"the SSSD daemon. This causes the PAM framework to ignore this module."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "<option>domains</option>"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"Allows the administrator to restrict the domains a particular PAM service is "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"allowed to authenticate against. The format is a comma-separated list of "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"SSSD domain names, as specified in the sssd.conf file."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"and <quote>pam_public_domains</quote> options. Please see the "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"manvolnum> </citerefentry> manual page for more information on these two PAM "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"responder options."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "<option>allow_missing_name</option>"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"The main purpose of this option is to let SSSD determine the user name based "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"on additional information, e.g. the certificate from a Smartcard."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"auth sufficient pam_sss.so allow_missing_name\n"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"The current use case are login managers which can monitor a Smartcard reader "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"for card events. In case a Smartcard is inserted the login manager will call "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"id=\"0\"/> In this case SSSD will try to determine the user name based on "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"the content of the Smartcard, returns it to pam_sss which will finally put "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"it on the PAM stack."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozekmsgid "<option>prompt_always</option>"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"Always prompt the user for credentials. With this option credentials "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"requested by other PAM modules, typically a password, will be ignored and "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"pam_sss will prompt for credentials again. Based on the pre-auth reply by "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"SSSD pam_sss might prompt for a password, a Smartcard PIN or other "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"credentials."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "MODULE TYPES PROVIDED"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "提供されるモジュール形式"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"All module types (<option>account</option>, <option>auth</option>, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>password</option> and <option>session</option>) are provided."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"すべてのモジュール形式 (<option>account</option>, <option>auth</option>, "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>password</option> および <option>session</option>) が提供されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If a password reset by root fails, because the corresponding SSSD provider "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"does not support password resets, an individual message can be displayed. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This message can e.g. contain instructions about how to reset a password."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"対応する SSSD プロバイダーがパスワードリセットをサポートしないため、root によ"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"るパスワードリセットが失敗すると、個別のメッセージを表示できます。たとえば、"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"このメッセージにはパスワードをリセットする方法に関する説明を含められます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"filename> where LOC stands for a locale string returned by <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry>. If there is no matching file the content of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the owner of the files and only root may have read and write permissions "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"while all other users must have only read permissions."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"These files are searched in the directory <filename>/etc/sssd/customize/"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"これらのファイルがディレクトリー <filename>/etc/sssd/customize/DOMAIN_NAME/</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"filename> において検索されます。一致するファイルがなければ、一般的なメッセー"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sssd_krb5_locator_plugin"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sssd_krb5_locator_plugin"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Kerberos locator plugin"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"libraries what Realm and which KDC to use. Typically this is done in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"To simplify the configuration the Realm and the KDC can be defined in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry> as described in <citerefentry> "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"</citerefentry> puts the Realm and the name or IP address of the KDC into "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"libraries it reads and evaluates these variables and returns them to the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"</citerefentry> は、レルム、および KDC の名前または IP アドレスを、それぞれ環"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"境変数 SSSD_KRB5_REALM および SSSD_KRB5_KDC の中に置きます。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<command>sssd_krb5_locator_plugin</command> が Kerberos ライブラリーにより呼"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"び出されるとき、それがこれらの変数を読み込み、評価し、ライブラリーに返しま"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Not all Kerberos implementations support the use of plugins. If "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sssd_krb5_locator_plugin</command> is not available on your system "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"すべての Kerberos 実装がプラグインの使用をサポートしているとは限りません。 "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<command>sssd_krb5_locator_plugin</command> がシステムにおいて利用可能でなけ"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"れば、Kerberos の構築を反映するように /etc/krb5.conf を編集する必要がありま"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"debug messages will be sent to stderr."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"環境変数 SSSD_KRB5_LOCATOR_DEBUG に何らかの値が設定されていると、デバッグメッ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"セージが標準エラーに送られます。"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sssd-simple"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sssd-simple"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "the configuration file for SSSD's 'simple' access-control provider"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "SSSD の 'simple' アクセス制御プロバイダーの設定ファイルです。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This manual page describes the configuration of the simple access-control "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry> manual page."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"このマニュアルは <citerefentry> <refentrytitle>sssd</refentrytitle> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<manvolnum>8</manvolnum> </citerefentry> に対して簡単なアクセス制御の設定を説"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"明しています。詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ファイル形"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"式</quote> セクションを参照してください。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The simple access provider grants or denies access based on an access or "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"deny list of user or group names. The following rules apply:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"シンプルアクセスプロバイダーは、ユーザー名またはグループ名のアクセスまたは拒"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"否の一覧に基づいてアクセスを許可または拒否します。以下のルールが適用されます:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "If all lists are empty, access is granted"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "すべての一覧が空白ならば、アクセスが認められます"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If any list is provided, the order of evaluation is allow,deny. This means "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"that any matching deny rule will supersede any matched allow rule."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"何らかの一覧が提供されていると、許可(allow)、拒否(deny)の順に評価されま"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"す。拒否ルールに一致するすべてのものは、許可ルールに一致するすべてのものを更"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If either or both \"allow\" lists are provided, all users are denied unless "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"they appear in the list."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"\"allow\" 一覧が提供されていると、すべてのユーザーはこの一覧に表れなければ拒"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If only \"deny\" lists are provided, all users are granted access unless "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"they appear in the list."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"\"deny\" 一覧のみが提供されていると、ユーザーがこの一覧に表れない限り、すべて"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"のユーザーがアクセスを許可されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "simple_allow_users (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "simple_allow_users (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Comma separated list of users who are allowed to log in."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ログインが許可されたユーザーのカンマ区切り一覧です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "simple_deny_users (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "simple_deny_users (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Comma separated list of users who are explicitly denied access."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "アクセスが明示的に拒否されたユーザーのカンマ区切り一覧です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "simple_allow_groups (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "simple_allow_groups (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Comma separated list of groups that are allowed to log in. This applies only "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"to groups within this SSSD domain. Local groups are not evaluated."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ログインが許可されたグループのカンマ区切り一覧です。この SSSD ドメインの中の"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"グループのみに適用されます。ローカルグループは評価されません。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "simple_deny_groups (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "simple_deny_groups (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Comma separated list of groups that are explicitly denied access. This "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"applies only to groups within this SSSD domain. Local groups are not "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"アクセスが明示的に拒否されたグループのカンマ区切り一覧です。この SSSD ドメイ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ンの中のグループのみに適用されます。ローカルグループは評価されません。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry> manual page for details on the configuration of an SSSD "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"SSSD ドメインの設定に関する詳細は <citerefentry> <refentrytitle>sssd.conf</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページの "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<quote>ドメインセクション</quote> のセクションを参照してください。 "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<placeholder type=\"variablelist\" id=\"0\"/>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"Specifying no values for any of the lists is equivalent to skipping it "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"entirely; if every list ends up empty, access is granted to all users. Beware "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"of this while generating parameters for the simple provider using automated scripts."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please note that it is a configuration error if both simple_allow_users "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"and simple_deny_users are defined."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"simple_allow_users と simple_deny_users がどちらも定義されると、設定エラーに"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"なることに注意してください。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The following example assumes that SSSD is correctly configured and example."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This example shows only the simple access provider-specific options."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"以下の例は、SSSD が正しく設定され、example.com が <replaceable>[sssd]</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> セクションにあるドメインの 1 つであると仮定します。この例はアク"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"セスプロバイダー固有の簡単なオプションのみを示します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"access_provider = simple\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"simple_allow_users = user1, user2\n"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"The complete group membership hierarchy is resolved before the access check, "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"thus even nested groups can be included in the access lists. Please be "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"aware that the <quote>ldap_group_nesting_level</quote> option may impact the "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"results and should be set to a sufficient value. (<citerefentry> "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"citerefentry>)."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "sss-certmap"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "SSSD Certificate Matching and Mapping Rules"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The manual page describes the rules which can be used by SSSD and other "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"components to match X.509 certificates and map them to accounts."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Each rule has four components, a <quote>priority</quote>, a <quote>matching "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"quote>. All components are optional. A missing <quote>priority</quote> will "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"add the rule with the lowest priority. The default <quote>matching rule</"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"quote> will match certificates with the digitalSignature key usage and "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the certificates will be searched in the userCertificate attribute as DER "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"encoded binary. If no domains are given only the local domain will be "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "RULE COMPONENTS"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "PRIORITY"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The rules are processed by priority, where the number '0' (zero) indicates "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the highest priority. The higher the number, the lower the priority. A "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"missing value indicates the lowest priority."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Internally the priority is treated as an unsigned 32-bit integer; using a "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"priority value larger than 4294967295 will cause an error."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "MATCHING RULE"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The matching rule is used to select a certificate to which the mapping rule "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"should be applied. It uses a system similar to the one used by "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"keyword enclosed by '<' and '>' which identifies a certain part of the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"certificate and a pattern which should be found for the rule to match. "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Multiple keyword pattern pairs can be either joined with '&&' (and) "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"or '||' (or)."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SUBJECT>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"With this a part or the whole subject name of the certificate can be "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"matched. For the matching POSIX Extended Regular Expression syntax is used, "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"see regex(7) for details."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"For the matching the subject name stored in the certificate in DER encoded "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"ASN.1 is converted into a string according to RFC 4514. This means the most "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"specific name component comes first. Please note that not all possible "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"attribute names are covered by RFC 4514. The names included are 'CN', 'L', "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"be shown differently on different platforms and by different tools. To avoid "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"confusion those attribute names are best not used or covered by a suitable "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"regular-expression."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<ISSUER>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"With this a part or the whole issuer name of the certificate can be matched. "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"All comments for <SUBJECT> apply here as well."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<KU>key-usage"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This option can be used to specify which key usage values the certificate "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"should have. The following values can be used in a comma separated list:"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "digitalSignature"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "nonRepudiation"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "keyEncipherment"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "dataEncipherment"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "keyAgreement"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "keyCertSign"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "cRLSign"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "encipherOnly"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "decipherOnly"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"A numerical value in the range of a 32bit unsigned integer can be used as "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"well to cover special use cases."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <KU>digitalSignature,keyEncipherment"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<EKU>extended-key-usage"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This option can be used to specify which extended key usage the certificate "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"should have. The following values can be used in a comma separated list:"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "serverAuth"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "clientAuth"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "codeSigning"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "emailProtection"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "timeStamping"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "OCSPSigning"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "KPClientAuth"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "pkinit"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "msScLogin"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Extended key usages which are not listed above can be specified with their "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"OID in dotted-decimal notation."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"To be compatible with the usage of MIT Kerberos this option will match the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Principal> does."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN>.*@MY\\.REALM"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:Principal>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:Principal>.*@MY\\.REALM"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:ntPrincipalName>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Match the Kerberos principals from the AD NT Principal SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:ntPrincipalName>.*@MY\\.AD\\.REALM"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:pkinit>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Match the Kerberos principals from the PKINIT SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:pkinit>.*@MY\\.PKINIT\\.REALM"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:dotted-decimal-oid>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Take the value of the otherName SAN component given by the OID in dotted-"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"decimal notation, interpret it as a string and try to match it against the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"regular expression."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:1.2.3.4>test"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:otherName>base64-string"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Do a binary match with the base64 encoded blob against all otherName SAN "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"components. With this option it is possible to match against custom "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"otherName components with special encodings which could not be treated as "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:otherName>MTIz"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:rfc822Name>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Match the value of the rfc822Name SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:rfc822Name>.*@email\\.domain"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:dNSName>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Match the value of the dNSName SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:x400Address>base64-string"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Binary match the value of the x400Address SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:x400Address>MTIz"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:directoryName>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Match the value of the directoryName SAN. The same comments as given for <"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"ISSUER> and <SUBJECT> apply here as well."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:directoryName>.*,DC=com"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:ediPartyName>base64-string"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Binary match the value of the ediPartyName SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:ediPartyName>MTIz"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:uniformResourceIdentifier>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Match the value of the uniformResourceIdentifier SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:uniformResourceIdentifier>URN:.*"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:iPAddress>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Match the value of the iPAddress SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:iPAddress>192\\.168\\..*"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:registeredID>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Match the value of the registeredID SAN as dotted-decimal string."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:registeredID>1\\.2\\.3\\..*"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "MAPPING RULE"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The mapping rule is used to associate a certificate with one or more "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"accounts. A Smartcard with the certificate and the matching private key can "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"then be used to authenticate as one of those accounts."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Currently SSSD basically only supports LDAP to look up user information (the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"exception is the proxy provider which is not of relevance here). Because of "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"this the mapping rule is based on LDAP search filter syntax with templates "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"to add certificate content to the filter. It is expected that the filter "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"will only contain the specific data needed for the mapping and that the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"caller will embed it in another filter to do the actual search. Because of "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"this the filter string should start and stop with '(' and ')' respectively."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"In general it is recommended to use attributes from the certificate and add "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"them to special attributes of the LDAP user object. E.g. the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"for IPA can be used."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This should be preferred over reading user-specific data from the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"certificate, e.g. an email address, and searching for it in the LDAP server. "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The reason is that the user-specific data in LDAP might change for various "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"reasons, which would break the mapping. On the other hand, it would be hard "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"to break the mapping on purpose for a specific user."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the full issuer DN converted to a string according to "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"RFC 4514. If X.500 ordering (most specific RDN comes last) is required, an option with "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the '_x500' prefix should be used."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The conversion options starting with 'ad_' will use attribute names as used "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"by AD, e.g. 'S' instead of 'ST'."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The conversion options starting with 'nss_' will use attribute names as used "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The default conversion option is 'nss', i.e. attribute names according to "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"NSS and LDAP/RFC 4514 ordering."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the full subject DN converted to a string according to "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"RFC 4514. If X.500 ordering (most specific RDN comes last) is required, an option with "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the '_x500' prefix should be used."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"{subject_dn!nss_x500})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{cert[!(bin|base64)]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the whole DER encoded certificate as a string to the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"search filter. Depending on the conversion option the binary certificate is "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"either converted to an escaped hex sequence '\\xx' or base64. The escaped "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"hex sequence is the default and can e.g. be used with the LDAP attribute "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"'userCertificate;binary'."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: (userCertificate;binary={cert!bin})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_principal[.short_name]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the Kerberos principal which is taken either from the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"SAN used by pkinit or the one used by AD. The 'short_name' component "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"represents the first part of the principal before the '@' sign."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Example: (|(userPrincipal={subject_principal})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"(samAccountName={subject_principal.short_name}))"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_pkinit_principal[.short_name]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This template will add the Kerberos principal which is given by the SAN used "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"by pkinit. The 'short_name' component represents the first part of the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"principal before the '@' sign."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Example: (|(userPrincipal={subject_pkinit_principal})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_nt_principal[.short_name]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This template will add the Kerberos principal which is given by the SAN used "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"by AD. The 'short_name' component represents the first part of the principal "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"before the '@' sign."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_rfc822_name[.short_name]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the string which is stored in the rfc822Name "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"component of the SAN, typically an email address. The 'short_name' component "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"represents the first part of the address before the '@' sign."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"short_name}))"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_dns_name[.short_name]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the string which is stored in the dNSName component "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"of the SAN, typically a fully-qualified host name. The 'short_name' "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"component represents the first part of the name before the first '.' sign."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_uri}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the string which is stored in the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"uniformResourceIdentifier component of the SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: (uri={subject_uri})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_ip_address}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the string which is stored in the iPAddress component "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"of the SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: (ip={subject_ip_address})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_x400_address}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the value which is stored in the x400Address "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"component of the SAN as escaped hex sequence."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: (attr:binary={subject_x400_address})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the DN string of the value which is stored in the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"directoryName component of the SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: (orig_dn={subject_directory_name})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_ediparty_name}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the value which is stored in the ediPartyName "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"component of the SAN as escaped hex sequence."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: (attr:binary={subject_ediparty_name})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_registered_id}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the OID which is stored in the registeredID component "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"of the SAN as a dotted-decimal string."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: (oid={subject_registered_id})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The templates to add certificate data to the search filter are based on "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Python-style formatting strings. They consist of a keyword in curly braces "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"with an optional sub-component specifier separated by a '.' or an optional "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"conversion/formatting option separated by a '!'. Allowed values are: "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<placeholder type=\"variablelist\" id=\"0\"/>"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "DOMAIN LIST"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"If the domain list is not empty users mapped to a given certificate are not "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"only searched in the local domain but in the listed domains as well as long "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"as they are known by SSSD. Domains not known to SSSD will be ignored."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "sssd-ipa"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgstr "sssd-ipa"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "SSSD IPA provider"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This manual page describes the configuration of the IPA provider for "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<manvolnum>8</manvolnum> </citerefentry> に対する IPA プロバイダーの設定を説"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"明しています。詳細な構文の参考資料は <citerefentry> <refentrytitle>sssd."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルペー"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"ジの <quote>ファイル形式</quote> を参照してください。"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The IPA provider is a back end used to connect to an IPA server. (Refer to "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the freeipa.org web site for information about IPA servers.) This provider "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"requires that the machine be joined to the IPA domain; configuration is "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"almost entirely self-discovered and obtained directly from the server."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"IPA プロバイダーは IPA サーバーに接続するために使用されるバックエンドです。"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"(IPA サーバーに関する詳細は freeipa.org のウェブサイトを参照してください。)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"このプロバイダーは、マシンが IPA ドメインに参加している必要があります。設定は"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ほぼすべて自己検出され、サーバーから直接取得されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> authentication provider with "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"optimizations for IPA environments. The IPA provider accepts the same "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"However, it is neither necessary nor recommended to set these options."
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"The IPA provider primarily copies the traditional ldap and krb5 provider "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"default options with some exceptions; the differences are listed in the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<quote>MODIFIED DEFAULT OPTIONS</quote> section."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"As an access provider, the IPA provider uses HBAC (host-based access "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"control) rules. Please refer to freeipa.org for more information about "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"HBAC. No configuration of access provider is required on the client side."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"configured in sssd.conf then the id_provider must also be set to <quote>ipa</"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"The IPA provider will use the PAC responder if the Kerberos tickets of users "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"from trusted realms contain a PAC. To make configuration easier the PAC "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"responder is started automatically if the IPA ID provider is configured."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipa_domain (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ipa_domain (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specifies the name of the IPA domain. This is optional. If not provided, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the configuration domain name is used."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"IPA ドメインの名前を指定します。これはオプションです。提供されなければ、設定"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ドメイン名が使用されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "ipa_server, ipa_backup_server (string)"
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozekmsgstr "ipa_server, ipa_backup_server (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The comma-separated list of IP addresses or hostnames of the IPA servers to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"which SSSD should connect in the order of preference. For more information "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This is optional if autodiscovery is enabled. For more information on "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "ipa_hostname (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ipa_hostname (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "Optional. May be set on machines where the hostname(5) does not reflect "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "the fully qualified name used in the IPA domain to identify this host."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Optional. May be set on machines where the hostname(5) does not reflect the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"fully qualified name used in the IPA domain to identify this host. The "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"hostname must be fully qualified."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"オプションです。hostname(5) がこのホストを識別するために IPA ドメインにおいて"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"使用される完全修飾名を反映しないマシンにおいて設定されます。ホスト名は完全修飾されている必要があります。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "dyndns_update (boolean)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "dyndns_update (論理値)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Optional. This option tells SSSD to automatically update the DNS server "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"built into FreeIPA with the IP address of this client. The update is secured "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"quote> option."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
056302a92862fda16351d7192600746746f38e5dStephen Gallagher"the default Kerberos realm must be set properly in /etc/krb5.conf"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"注: (RHEL5 のような) 古いシステムにおいて、この動作が正しく機能するためには、"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"デフォルトの Kerberos レルムが /etc/krb5.conf において正しく設定されている必"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"emphasis> option, users should migrate to using <emphasis>dyndns_update</"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"emphasis> in their config file."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "dyndns_ttl (integer)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "dyndns_ttl (整数)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"The TTL to apply to the client DNS record when updating it. If "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"dyndns_update is false this has no effect. This will override the TTL "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"serverside if set by an administrator."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"emphasis> in their config file."
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "Default: 1200 (seconds)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "初期値: 1200 (秒)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "dyndns_iface (string)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "dyndns_iface (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"Optional. Applicable only when dyndns_update is true. Choose the interface "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"or a list of interfaces whose IP addresses should be used for dynamic DNS "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"updates. Special value <quote>*</quote> implies that IPs from all interfaces "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"should be used."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"emphasis> in their config file."
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Default: Use the IP addresses of the interface which is used for IPA LDAP "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "Example: dyndns_iface = em1, vnet1, vnet2"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "dyndns_auth (string)"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"Whether the nsupdate utility should use GSS-TSIG authentication for secure "
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"updates with the DNS server. Insecure updates can be sent by setting this "
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"option to 'none'; such updates are not authenticated, so the DNS server has to be configured to accept them."
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "Default: GSS-TSIG"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "ipa_enable_dns_sites (boolean)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "ipa_enable_dns_sites (論理値)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "Enables DNS sites - location based service discovery."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "DNS サイトの有効化 - 位置情報に基づいたサービス探索。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"If true and service discovery (see Service Discovery paragraph at the bottom "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"of the man page) is enabled, then the SSSD will first attempt location "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"based discovery using a query that contains \"_location.hostname.example.com"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"\" and then fall back to traditional SRV discovery. If the location based "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"discovery succeeds, the IPA servers located with the location based "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"discovery are treated as primary servers and the IPA servers located using "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"the traditional SRV discovery are used as back up servers"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "dyndns_refresh_interval (integer)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "dyndns_refresh_interval (整数)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"How often should the back end perform periodic DNS update in addition to the "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"automatic update performed when the back end goes online. This option is "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"optional and applicable only when dyndns_update is true."
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "dyndns_update_ptr (bool)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "dyndns_update_ptr (論理値)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"Whether the PTR record should also be explicitly updated when updating the "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"client's DNS records. Applicable only when dyndns_update is true."
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"This option should be False in most IPA deployments as the IPA server "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"generates the PTR records automatically when forward records are changed."
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "Default: False (disabled)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "初期値: False (無効)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "dyndns_force_tcp (bool)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "dyndns_force_tcp (論理値)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"Whether the nsupdate utility should default to using TCP for communicating "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"with the DNS server."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"nsupdate ユーティリティが DNS サーバーと通信するために TCP を標準で使用するか"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "Default: False (let nsupdate choose the protocol)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "dyndns_server (string)"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"The DNS server to use when performing a DNS update. In most setups, it's "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"recommended to leave this option unset."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Setting this option makes sense for environments where the DNS server is "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"different from the identity server."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Please note that this option will only be used in a fallback attempt when "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"the previous attempt using autodetected settings failed."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "Default: None (let nsupdate choose the server)"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "ipa_host_search_base (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "ipa_deskprofile_search_base (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "ipa_deskprofile_search_base (文字列)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "Optional. Use the given string as search base for HBAC related objects."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Optional. Use the given string as search base for Desktop Profile related "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"オプションです。与えられた文字列をデスクトッププロファイル関連オブジェクトに対する検索ベースと"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "Default: Use base DN"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgstr "初期値: ベース DN を使用します"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "ipa_hbac_search_base (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "ipa_hbac_search_base (文字列)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Optional. Use the given string as search base for HBAC related objects."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"オプションです。与えられた文字列を HBAC 関連オブジェクトに対する検索ベースと"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "ipa_host_search_base (string)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgstr "ipa_host_search_base (文字列)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "Deprecated. Use ldap_host_search_base instead."
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "ipa_selinux_search_base (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ipa_selinux_search_base (文字列)"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
056302a92862fda16351d7192600746746f38e5dStephen Gallaghermsgid "Optional. Use the given string as search base for SELinux user maps."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"オプションです。与えられた文字列を SELinux ユーザーマップに対する検索ベースと"
056302a92862fda16351d7192600746746f38e5dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ipa_subdomains_search_base (string)"
bf9abef629707167d39fcc92ec9c18a6244b27b8Jakub Hrozekmsgstr "ipa_subdomains_search_base (文字列)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Optional. Use the given string as search base for trusted domains."
bf9abef629707167d39fcc92ec9c18a6244b27b8Jakub Hrozek"オプションです。信頼されたドメインに対する検索ベースとして、与えられた文字列"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "初期値: <emphasis>cn=trusts,%basedn</emphasis> の値"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "ipa_master_domain_search_base (string)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "ipa_master_domain_search_base (文字列)"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "Optional. Use the given string as search base for master domain object."
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallaghermsgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
7797e361155f7ce937085fd98e360469d7baf1b6Jakub Hrozekmsgstr "初期値: <emphasis>cn=ad,cn=etc,%basedn</emphasis> の値"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ipa_views_search_base (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Optional. Use the given string as search base for views containers."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The name of the Kerberos realm. This is optional and defaults to the value "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"of <quote>ipa_domain</quote>."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Kerberos レルムの名前です。これはオプションで、初期値は <quote>ipa_domain</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The name of the Kerberos realm has a special meaning in IPA - it is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"converted into the base DN to use for performing LDAP operations."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"IPA において特別な意味を持つ Kerberos レルムの名前です。LDAP 操作を実行するた"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"めに使用するベース DN に変換されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "krb5_confd_path (string)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Absolute path of a directory where SSSD should place Kerberos configuration "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"To disable the creation of the configuration snippets set the parameter to "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "ipa_hbac_refresh (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "ipa_deskprofile_refresh (integer)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgstr "ipa_deskprofile_refresh (整数)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The amount of time between lookups of the Desktop Profile rules against the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"IPA server. This will reduce the latency and load on the IPA server if there "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"are many desktop profiles requests made in a short period."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Default: 5 (seconds)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "初期値: 5 (秒)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "ldap_sudo_full_refresh_interval (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "ipa_deskprofile_request_interval (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "ipa_deskprofile_request_interval (整数)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The amount of time between lookups of the Desktop Profile rules against the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"IPA server in case the last request did not return any rule."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "Default: 900 (15 minutes)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: 60 (minutes)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "初期値: 60 (分)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "ipa_hbac_refresh (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "ipa_hbac_refresh (整数)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The amount of time between lookups of the HBAC rules against the IPA server. "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This will reduce the latency and load on the IPA server if there are many "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"access-control requests made in a short period."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ipa_hbac_selinux (integer)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "ipa_hbac_selinux (整数)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"The amount of time between lookups of the SELinux maps against the IPA "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"server. This will reduce the latency and load on the IPA server if there are "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"many user login requests made in a short period."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
e0882baf3b0174cd5c34d593442f66bf6ff75261Jakub Hrozekmsgid "ipa_server_mode (boolean)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "ipa_server_mode (論理値)"
e0882baf3b0174cd5c34d593442f66bf6ff75261Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This option will be set by the IPA installer (ipa-server-install) "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"automatically and denotes if SSSD is running on an IPA server or not."
e0882baf3b0174cd5c34d593442f66bf6ff75261Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"On an IPA server SSSD will look up users and groups from trusted domains "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"directly while on a client it will ask an IPA server."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"NOTE: There are currently some assumptions that must be met when SSSD is "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"running on an IPA server."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"The <quote>ipa_server</quote> option must be configured to point to the IPA "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"server itself. This is already the default set by the IPA installer, so no "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"manual change is required."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"The <quote>full_name_format</quote> option must not be tweaked to only print "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"short names for users from trusted domains."
e0882baf3b0174cd5c34d593442f66bf6ff75261Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallaghermsgid "ipa_automount_location (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ipa_automount_location (文字列)"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallaghermsgid "The automounter location this IPA client will be using"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "この IPA クライアントが使用する automounter の場所です"
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
292cbb3fbe41bb7ee09b67c3ec59ab7c7ba5220eStephen Gallaghermsgid "Default: The location named \"default\""
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: \"default\" という名前の場所"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "VIEWS AND OVERRIDES"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ipa_view_class (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Objectclass of the view container."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Default: nsContainer"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ipa_view_name (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Name of the attribute holding the name of the view."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "ipa_override_object_class (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Objectclass of the override objects."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Default: ipaOverrideAnchor"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ipa_anchor_uuid (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"Name of the attribute containing the reference to the original object in a "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"remote domain."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Default: ipaAnchorUUID"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ipa_user_override_object_class (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"Name of the objectclass for user overrides. It is used to determine if the "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"found override object is related to a user or a group."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "User overrides can contain attributes given by"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ldap_user_name"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ldap_user_uid_number"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ldap_user_gid_number"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ldap_user_gecos"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ldap_user_home_directory"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ldap_user_shell"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "ldap_user_ssh_public_key"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Default: ipaUserOverride"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ipa_group_override_object_class (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"Name of the objectclass for group overrides. It is used to determine if the "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"found override object is related to a user or a group."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Group overrides can contain attributes given by"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ldap_group_name"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ldap_group_gid_number"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Default: ipaGroupOverride"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"later versions. Since all paths and objectclasses are fixed on the server "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"side there is basically no need to configure anything. For completeness the "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"related options are listed here with their default values. <placeholder "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"type=\"variablelist\" id=\"0\"/>"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "SUBDOMAINS PROVIDER"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"The IPA subdomains provider behaves slightly differently if it is configured "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"explicitly or implicitly."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"If the option 'subdomains_provider = ipa' is found in the domain section of "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"subdomain requests are sent to the IPA server if necessary."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"'subdomains_provider = ipa' オプションが sssd.conf のドメインのセクションに見"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"つかれば、IPA サブドメインプロバイダーが明示的に設定されます。すべてのサブド"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"メインのリクエストが必要に応じて IPA サーバーに送られます。"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"If the option 'subdomains_provider' is not set in the domain section of sssd."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"conf but there is the option 'id_provider = ipa', the IPA subdomains "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"provider is configured implicitly. In this case, if a subdomain request "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"fails and indicates that the server does not support subdomains, i.e. is not "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"configured for trusts, the IPA subdomains provider is disabled. After an "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"hour or after the IPA provider goes online, the subdomains provider is "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"enabled again."
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The following example assumes that SSSD is correctly configured and example."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This example shows only the ipa provider-specific options."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"以下の例は、SSSD が正しく設定され、example.com が <replaceable>[sssd]</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> セクションにあるドメインの 1 つであることを仮定しています。この"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"例は IPA プロバイダー固有のオプションのみを示しています。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"id_provider = ipa\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ipa_hostname = myhost.example.com\n"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "sssd-ad"
7797e361155f7ce937085fd98e360469d7baf1b6Jakub Hrozekmsgstr "sssd-ad"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "SSSD Active Directory provider"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"This manual page describes the configuration of the AD provider for "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"The AD provider is a back end used to connect to an Active Directory server. "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"This provider requires that the machine be joined to the AD domain and a "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"keytab is available. Back end communication occurs over a GSSAPI-encrypted "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"channel; SSL/TLS options should not be used with the AD provider and will be "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"superseded by Kerberos usage."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"The AD provider supports connecting to Active Directory 2008 R2 or later. "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"Earlier versions may work, but are unsupported."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"The AD provider can be used to get user information and authenticate users "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"from trusted domains. Currently only trusted domains in the same forest are "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"recognized. In addition servers from trusted domains are always auto-"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"discovered."
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> authentication provider with "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"optimizations for Active Directory environments. The AD provider accepts the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"same options used by the sssd-ldap and sssd-krb5 providers with some "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"exceptions. However, it is neither necessary nor recommended to set these "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"The AD provider primarily copies the traditional ldap and krb5 provider "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"default options with some exceptions; the differences are listed in the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<quote>MODIFIED DEFAULT OPTIONS</quote> section."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"The AD provider can also be used as an access, chpass, sudo and autofs "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"provider. No configuration of the access provider is required on the client "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"configured in sssd.conf then the id_provider must also be set to <quote>ad</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ldap_id_mapping = False\n"
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek"ldap_id_mapping = False\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"By default, the AD provider will map UID and GID values from the objectSID "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"parameter in Active Directory. For details on this, see the <quote>ID "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"MAPPING</quote> section below. If you want to disable ID mapping and instead "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"rely on POSIX attributes defined in Active Directory, you should set "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"be used, it is recommended for performance reasons that the attributes are "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"also replicated to the Global Catalog. If POSIX attributes are replicated, "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"SSSD will attempt to locate the domain of a requested numerical ID with the "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"help of the Global Catalog and only search that domain. In contrast, if "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"POSIX attributes are not replicated to the Global Catalog, SSSD must search "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"all the domains in the forest sequentially. Please note that the "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<quote>cache_first</quote> option might also be helpful in speeding up "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"domainless searches."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Users, groups and other entities served by SSSD are always treated as case-"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"insensitive in the AD provider for compatibility with Active Directory's "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"LDAP implementation."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ad_domain (string)"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "ad_domain (文字列)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"Specifies the name of the Active Directory domain. This is optional. If not "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"provided, the configuration domain name is used."
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"Active Directory ドメインの名前を指定します。これはオプションです。指定されな"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"ければ、設定のドメイン名が使用されます。"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"For proper operation, this option should be specified as the lower-case "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"version of the long version of the Active Directory domain."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"正しい動作のために、このオプションは Active Directory ドメインの長いバージョ"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ンの小文字バージョンとして指定されます。"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"The short domain name (also known as the NetBIOS or the flat name) is "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"autodetected by the SSSD."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozekmsgid "ad_enabled_domains (string)"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"A comma-separated list of enabled Active Directory domains. If provided, "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"SSSD will ignore any domains not listed in this option. If left unset, all "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"domains from the AD forest will be available."
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"ad_enabled_domains = sales.example.com, eng.example.com\n"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"For proper operation, this option must be specified in all lower-case and as "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"the fully qualified domain name of the Active Directory domain. For example: "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"The short domain name (also known as the NetBIOS or the flat name) will be "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"autodetected by SSSD."
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "ad_server, ad_backup_server (string)"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "ad_server, ad_backup_server (文字列)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek"The comma-separated list of hostnames of the AD servers to which SSSD should "
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek"connect in order of preference. For more information on failover and server "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"redundancy, see the <quote>FAILOVER</quote> section."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"This is optional if autodiscovery is enabled. For more information on "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Note: Trusted domains will always auto-discover servers even if the primary "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"server is explicitly defined in the ad_server option."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozekmsgid "ad_hostname (string)"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "ad_hostname (文字列)"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"Optional. May be set on machines where the hostname(5) does not reflect the "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"fully qualified name used in the Active Directory domain to identify this "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"オプションです。hostname(5) が Active Directory ドメインにおいて使用される完"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"全修飾名を反映しないマシンにおいてマシンに設定されるかもしれません。"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"This field is used to determine the host principal in use in the keytab. It "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"must match the hostname for which the keytab was issued."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"この項目はキーテーブルにおいて使用中のホストプリンシパルを決定するために使用"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"されます。キーテーブルが発行されたホスト名と一致する必要があります。"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "ad_enable_dns_sites (boolean)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "ad_enable_dns_sites (論理値)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"If true and service discovery (see Service Discovery paragraph at the bottom "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"of the man page) is enabled, the SSSD will first attempt to discover the "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"Active Directory server to connect to using the Active Directory Site "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"Discovery and fall back to the DNS SRV records if no AD site is found. The "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"DNS SRV configuration, including the discovery domain, is used during site "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"discovery as well."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ad_access_filter (string)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"This option specifies the LDAP access control filter that the user must match in "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"order to be allowed access. Please note that the <quote>access_provider</"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"quote> option must be explicitly set to <quote>ad</quote> in order for this "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"option to have an effect."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The option also supports specifying different filters per domain or forest. "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"If the keyword equals <quote>DOM</quote> or is missing, then <quote>NAME</"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"quote> specifies the domain or subdomain the filter applies to. If the "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"keyword equals <quote>FOREST</quote>, then the filter applies to all "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"domains from the forest specified by <quote>NAME</quote>."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Multiple filters can be separated with the <quote>?</quote> character, "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"similarly to how search bases work."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Nested group membership must be searched for using a special OID "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"example.org: syntax to ensure the parser does not attempt to interpret the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"colon characters associated with the OID. If you do not use this OID then "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"nested group membership will not be resolved. See usage example below and "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"refer here for further information about the OID: <ulink url=\"https://msdn."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"extensions</ulink>"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The most specific match is always used. For example, if the option specified "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"a filter for a domain the user is a member of and a global filter, the per-"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"domain filter would be applied. If there are more matches with the same "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"specification, the first one is used."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"# apply filter on domain called dom1 only:\n"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"# apply filter on domain called dom2 only:\n"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"# apply filter on forest called EXAMPLE.COM only:\n"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"# apply filter for a member of a nested group in dom1:\n"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozekmsgid "ad_site (string)"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Specify the AD site to which the client should try to connect. If this option "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"is not provided, the AD site will be auto-discovered."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ad_enable_gc (boolean)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"By default, the SSSD connects to the Global Catalog first to retrieve users "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"from trusted domains and uses the LDAP port to retrieve group memberships or "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"port of the current AD server."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Please note that disabling Global Catalog support does not disable "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"retrieving users from trusted domains. The SSSD would connect to the LDAP "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"port of trusted domains instead. However, Global Catalog must be used in "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"order to resolve cross-domain group memberships."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ad_gpo_access_control (string)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"This option specifies the operation mode for GPO-based access control "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"functionality: whether it operates in disabled mode, enforcing mode, or "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"permissive mode. Please note that the <quote>access_provider</quote> option "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"must be explicitly set to <quote>ad</quote> in order for this option to have any effect."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"GPO-based access control functionality uses GPO policy settings to determine "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"whether or not a particular user is allowed to logon to a particular host."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"NOTE: The current version of SSSD does not support host (computer) entries "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"in the GPO 'Security Filtering' list. Only user and group entries are "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"supported. Host entries in the list have no effect."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"NOTE: If the operation mode is set to enforcing, it is possible that users "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"that were previously allowed logon access will now be denied logon access "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"(as dictated by the GPO policy settings). In order to facilitate a smooth "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"transition for administrators, a permissive mode is available that will not "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"enforce the access control rules, but will evaluate them and will output a "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"syslog message if access would have been denied. By examining the logs, "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"administrators can then make the necessary changes before setting the mode "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"to enforcing."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "There are three supported values for this option:"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"disabled: GPO-based access control rules are neither evaluated nor enforced."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "enforcing: GPO-based access control rules are evaluated and enforced."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"permissive: GPO-based access control rules are evaluated, but not enforced. "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Instead, a syslog message will be emitted indicating that the user would "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"have been denied access if this option's value were set to enforcing."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Default: permissive"
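# Note: the preceding and the following msgid give two different defaults for ad_gpo_access_control; presumably which one applies depends on the SSSD build or version, so confirm the effective mode on the target system. In permissive mode the rules are evaluated and logged but access is not denied.
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>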
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozekmsgid "Default: enforcing"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_cache_timeout (integer)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"The amount of time between lookups of GPO policy files against the AD "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"server. This will reduce the latency and load on the AD server if there are "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"many access-control requests made in a short period."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_map_interactive (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"A comma-separated list of PAM service names for which GPO-based access "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"control is evaluated based on the InteractiveLogonRight and "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"DenyInteractiveLogonRight policy settings."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Note: Using the Group Policy Management Editor this value is called \"Allow "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"log on locally\" and \"Deny log on locally\"."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ad_gpo_map_interactive = +my_pam_service, -login\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"It is possible to add another PAM service name to the default set by using "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"the default set by using <quote>-service_name</quote>. For example, in "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"order to replace a default PAM service name for this logon right (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>login</quote>) with a custom pam service name (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>my_pam_service</quote>), you would use the following configuration: "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Default: the default set of PAM service names includes:"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "login"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "gdm-fingerprint"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "gdm-password"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "gdm-smartcard"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "lightdm"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "unity"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_map_remote_interactive (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"A comma-separated list of PAM service names for which GPO-based access "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"control is evaluated based on the RemoteInteractiveLogonRight and "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"DenyRemoteInteractiveLogonRight policy settings."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Note: Using the Group Policy Management Editor this value is called \"Allow "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"log on through Remote Desktop Services\" and \"Deny log on through Remote "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Desktop Services\"."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"It is possible to add another PAM service name to the default set by using "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"the default set by using <quote>-service_name</quote>. For example, in "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"order to replace a default PAM service name for this logon right (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>sshd</quote>) with a custom pam service name (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>my_pam_service</quote>), you would use the following configuration: "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "cockpit"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_map_network (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"A comma-separated list of PAM service names for which GPO-based access "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"control is evaluated based on the NetworkLogonRight and "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"DenyNetworkLogonRight policy settings."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Note: Using the Group Policy Management Editor this value is called \"Access "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"this computer from the network\" and \"Deny access to this computer from the network\"."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ad_gpo_map_network = +my_pam_service, -ftp\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"It is possible to add another PAM service name to the default set by using "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"the default set by using <quote>-service_name</quote>. For example, in "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"order to replace a default PAM service name for this logon right (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>ftp</quote>) with a custom pam service name (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>my_pam_service</quote>), you would use the following configuration: "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "samba"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_map_batch (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"A comma-separated list of PAM service names for which GPO-based access "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"policy settings."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Note: Using the Group Policy Management Editor this value is called \"Allow "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"log on as a batch job\" and \"Deny log on as a batch job\"."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ad_gpo_map_batch = +my_pam_service, -crond\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"It is possible to add another PAM service name to the default set by using "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"the default set by using <quote>-service_name</quote>. For example, in "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"order to replace a default PAM service name for this logon right (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>crond</quote>) with a custom pam service name (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>my_pam_service</quote>), you would use the following configuration: "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "crond"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_map_service (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"A comma-separated list of PAM service names for which GPO-based access "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"control is evaluated based on the ServiceLogonRight and "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"DenyServiceLogonRight policy settings."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Note: Using the Group Policy Management Editor this value is called \"Allow "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"log on as a service\" and \"Deny log on as a service\"."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ad_gpo_map_service = +my_pam_service\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"It is possible to add a PAM service name to the default set by using <quote>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"+service_name</quote>. Since the default set is empty, it is not possible "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"to remove a PAM service name from the default set. For example, in order to "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"would use the following configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_map_permit (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"A comma-separated list of PAM service names for which GPO-based access is "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"always granted, regardless of any GPO Logon Rights."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ad_gpo_map_permit = +my_pam_service, -sudo\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"It is possible to add another PAM service name to the default set by using "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"the default set by using <quote>-service_name</quote>. For example, in "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"order to replace a default PAM service name for unconditionally permitted "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>my_pam_service</quote>), you would use the following configuration: "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "polkit-1"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "sudo-i"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozekmsgid "systemd-user"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_map_deny (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"A comma-separated list of PAM service names for which GPO-based access is "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"always denied, regardless of any GPO Logon Rights."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ad_gpo_map_deny = +my_pam_service\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_default_right (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"This option defines how access control is evaluated for PAM service names "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"that are not explicitly listed in one of the ad_gpo_map_* options. This "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"option can be set in two different manners. First, this option can be set to "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"use a default logon right. For example, if this option is set to "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"'interactive', it means that unmapped PAM service names will be processed "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"settings. Alternatively, this option can be set to either always permit or "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"always deny access for unmapped PAM service names."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Supported values for this option include:"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "interactive"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "remote_interactive"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "network"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "batch"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "service"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "permit"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Default: deny"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ad_maximum_machine_account_password_age (integer)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"SSSD will check once a day if the machine account password is older than the "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"given age in days and try to renew it. A value of 0 will disable the renewal "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Default: 30 days"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ad_machine_account_password_renewal_opts (string)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"This option should only be used to test the machine account renewal task. "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The option expects 2 integers separated by a colon (':'). The first integer "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"defines the interval in seconds how often the task is run. The second "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"specifies the initial timeout in seconds before the task is run for the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"first time after startup."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Default: 86400:750 (24h and 15m)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"Optional. This option tells SSSD to automatically update the Active "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"Directory DNS server with the IP address of this client. The update is "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"secured using GSS-TSIG. As a consequence, the Active Directory administrator "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"only needs to allow secure updates for the DNS zone. The IP address of the "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"AD LDAP connection is used for the updates, if it is not otherwise specified "
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"by using the <quote>dyndns_iface</quote> option."
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "Default: 3600 (seconds)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "初期値: 3600 (秒)"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Default: Use the IP addresses of the interface which is used for AD LDAP "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"How often should the back end perform periodic DNS update in addition to the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"automatic update performed when the back end goes online. This option is "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"optional and applicable only when dyndns_update is true. Note that the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"lowest possible value is 60 seconds in-case if value is provided less than "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"60, parameter will assume lowest value only."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "Default: True"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgstr "初期値: True"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"The following example assumes that SSSD is correctly configured and example."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"This example shows only the AD provider-specific options."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"以下の例は SSSD が正しく設定され、example.com が <replaceable>[sssd]</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"replaceable> セクションにあるドメインの一つであると仮定しています。この例は "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"AD プロバイダー固有のオプションのみ示しています。"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"id_provider = ad\n"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"auth_provider = ad\n"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"access_provider = ad\n"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"chpass_provider = ad\n"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"ad_hostname = client.example.com\n"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"ad_domain = example.com\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"id_provider = ad\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"auth_provider = ad\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"access_provider = ad\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"chpass_provider = ad\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ad_hostname = client.example.com\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ad_domain = example.com\n"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"access_provider = ldap\n"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"ldap_access_order = expire\n"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"ldap_account_expire_policy = ad\n"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"access_provider = ldap\n"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"ldap_access_order = expire\n"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"ldap_account_expire_policy = ad\n"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"The AD access control provider checks if the account is expired. It has the "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"same effect as the following configuration of the LDAP provider: "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek"However, unless the <quote>ad</quote> access control provider is explicitly "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"configured, the default access provider is <quote>permit</quote>. Please "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"note that if you configure an access provider other than <quote>ad</quote>, "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"you need to set all the connection parameters (such as LDAP URIs and "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"encryption details) manually."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"are included in the default Active Directory schema."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refmeta><refentrytitle>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "sssd-sudo"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "sssd-sudo"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "Configuring sudo with the SSSD back end"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "SSSD バックエンドを用いた sudo の設定法"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"This manual page describes how to configure <citerefentry> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "Configuring sudo to cooperate with SSSD"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"the <emphasis>sudoers</emphasis> entry in <citerefentry> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"citerefentry>."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"For example, to configure sudo to first lookup rules in the standard "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"manvolnum> </citerefentry> file (which should contain rules that apply to "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"local users) and then in SSSD, the nsswitch.conf file should contain the "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"following line:"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "sudoers: files sss\n"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "sudoers: files sss\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"More information about configuring the sudoers search order from the "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"nsswitch.conf file as well as information about the LDAP schema that is used "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"to store sudo rules in the directory can be found in <citerefentry> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"citerefentry>."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"sudo rules, you also need to correctly set <citerefentry> "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"citerefentry> to your NIS domain name (which equals to IPA domain name when "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"using hostgroups)."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "Configuring SSSD to fetch sudo rules"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "sudo ルールを取得するよう SSSD を設定する方法"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"All configuration that is needed on SSSD side is to extend the list of "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The following example shows how to configure SSSD to download sudo rules "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"from an LDAP server."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"config_file_version = 2\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"services = nss, pam, sudo\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"domains = EXAMPLE\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"id_provider = ldap\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"sudo_provider = ldap\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ldap_uri = ldap://example.com\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"config_file_version = 2\n"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"services = nss, pam, sudo\n"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"domains = EXAMPLE\n"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"id_provider = ldap\n"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"sudo_provider = ldap\n"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"ldap_uri = ldap://example.com\n"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/> <phrase condition="
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"\"have_systemd\"> It's important to note that on platforms where systemd is "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"supported there's no need to add the \"sudo\" provider to the list of "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"services, as it became optional. However, sssd-sudo.socket must be enabled "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"instead. </phrase>"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"When SSSD is configured to use IPA as the ID provider, the sudo provider is "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"automatically enabled. The sudo search base is configured to use the IPA "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"sssd.conf, this value will be used instead. The compat tree (ou=sudoers,"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"$SUFFIX) is no longer required for IPA sudo functionality."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "The SUDO rule caching mechanism"
bf9abef629707167d39fcc92ec9c18a6244b27b8Jakub Hrozekmsgstr "SUDO ルールキャッシュメカニズム"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The biggest challenge, when developing sudo support in SSSD, was to ensure "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"that running sudo with SSSD as the data source provides the same user "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"experience and is as fast as sudo but keeps providing the most current set "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"of rules as possible. To satisfy these requirements, SSSD uses three kinds "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"of updates. They are referred to as full refresh, smart refresh and rules "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"new or were modified after the last update. Its primary goal is to keep the "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"database growing by fetching only small increments that do not generate "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"large amounts of network traffic."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"in the cache and replaces them with all rules that are stored on the server. "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"This is used to keep the cache consistent by removing every rule which was "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"deleted from the server. However, full refresh may produce a lot of traffic "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"and thus it should be run only occasionally depending on the size and "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"stability of the sudo rules."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"more permission than defined. It is triggered each time the user runs sudo. "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"Rules refresh will find all rules that apply to this user, check their "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"expiration time and redownload them if expired. In the case that any of "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"these rules are missing on the server, the SSSD will do an out of band full "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"refresh because more rules (that apply to other users) may have been deleted."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"If enabled, SSSD will store only rules that can be applied to this machine. "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"This means rules that contain one of the following values in "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<emphasis>sudoHost</emphasis> attribute:"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "keyword ALL"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "keyword ALL"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgid "wildcard"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "ワイルドカード"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "netgroup (in the form \"+netgroup\")"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "netgroup (\"+netgroup\" の形式)"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "hostname or fully qualified domain name of this machine"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "このマシンのホスト名または完全修飾ドメイン名"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "one of the IP addresses of this machine"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "このマシンの IP アドレスのどれか"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "one of the IP addresses of the network (in the form \"address/mask\")"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "ネットワークの IP アドレスのどれか (\"address/mask\" 形式)"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"There are many configuration options that can be used to adjust the "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "System Security Services Daemon"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "System Security Services Daemon"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>SSSD</command> provides a set of daemons to manage access to remote "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"directories and authentication mechanisms. It provides an NSS and PAM "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"interface toward the system and a pluggable backend system to connect to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"multiple different account sources as well as D-Bus interface. It is also "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the basis to provide client auditing and policy services for projects like "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"FreeIPA. It provides a more robust database to store local users as well as "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"extended user data."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<command>SSSD</command> はリモートディレクトリーへのアクセスと認証メカニズム"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"を管理するための一組のデーモンを提供します。システムへの NSS と PAM インター"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"フェースを提供します。また、D-Bus インターフェースのように複数の異なるアカウ"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ントソースに接続するための取り外し可能なバックエンドシステムを提供します。ク"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ライアント監査、およびFreeIPA のようなプロジェクトに対するポリシーサービスを"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"提供する基礎となります。ローカルユーザーだけでなく拡張ユーザーデータを保存す"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"るためのより強靭なデータベースを提供します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<emphasis>1</emphasis>: デバッグメッセージに日時を追加します"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<emphasis>0</emphasis>: デバッグメッセージで日時を無効にします"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>1</emphasis>: デバッグメッセージのタイムスタンプにマイクロ秒を追加しま"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<emphasis>0</emphasis>: 日時でマイクロ秒を無効にします"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-f</option>,<option>--debug-to-files</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-f</option>,<option>--debug-to-files</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Send the debug output to files instead of stderr. By default, the log files "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"are stored in <filename>/var/log/sssd</filename> and there are separate log "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"files for every SSSD service and domain."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"デバッグ出力を標準エラーの代わりにファイルに送信します。初期状態で、ログファ"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"イルは <filename>/var/log/sssd</filename> に保存され、すべての SSSD サービス"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"とドメインに対して別々のログファイルがあります。"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"This option is deprecated. It is replaced by <option>--logger=files</option>."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "<option>--logger=</option><replaceable>value</replaceable>"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "<option>--logger=</option><replaceable>value</replaceable>"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"Location where SSSD will send log messages. This option overrides the value "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"of the deprecated option <option>--debug-to-files</option>. The deprecated "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"option will still work if the <option>--logger</option> is not used."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<emphasis>stderr</emphasis>: Redirect debug messages to standard error "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "<emphasis>stderr</emphasis>: デバッグメッセージを標準エラー出力にリダイレクトします"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "Send the debug output to files instead of stderr. By default, the log "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "files are stored in <filename>/var/log/sssd</filename> and there are "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "separate log files for every SSSD service and domain."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<emphasis>files</emphasis>: Redirect debug messages to the log files. By "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"default, the log files are stored in <filename>/var/log/sssd</filename> and "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"there are separate log files for every SSSD service and domain."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<emphasis>files</emphasis>: デバッグメッセージをログファイルにリダイレクトし"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"ます。初期状態で、ログファイルは <filename>/var/log/sssd</filename> に保存さ"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"れ、すべての SSSD サービスとドメインに対して別々のログファイルがあります。"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "<emphasis>journald</emphasis>: デバッグメッセージを systemd-journald にリダイレクトします"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-D</option>,<option>--daemon</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-D</option>,<option>--daemon</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Become a daemon after starting up."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "起動後にデーモンになります。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-i</option>,<option>--interactive</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-i</option>,<option>--interactive</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Run in the foreground, don't become a daemon."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "フォアグラウンドで実行して、デーモンになりません。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-c</option>,<option>--config</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-c</option>,<option>--config</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"conf</filename>. For reference on the config file syntax and options, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<manvolnum>5</manvolnum> </citerefentry> manual page."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"非標準の設定ファイルを指定します。初期値は <filename>/etc/sssd/sssd.conf</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"filename> です。設定ファイルの構文とオプションは <citerefentry> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> マニュアルページを参照してください。"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "<option>--version</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>--version</option>"
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallaghermsgid "Print version number and exit."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "バージョン番号を表示して終了します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Signals"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Informs the SSSD to gracefully terminate all of its child processes and then "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"shut down the monitor."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"SSSD にすべての子プロセスを穏やかに停止するよう通知して、モニターをシャットダ"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "SIGHUP"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Tells the SSSD to stop writing to its current debug file descriptors and to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"close and reopen them. This is meant to facilitate log rolling with programs "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"like logrotate."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"SSSD が現在のデバッグファイルディスクリプターに書き込むことを止めて、それらを"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"閉じてから開きなおすよう指示します。これは logrotate のようなプログラムによる"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ログローテーションを容易にするためのものです。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "SIGUSR1"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "SIGUSR1"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Tells the SSSD to simulate offline operation for the duration of the "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>offline_timeout</quote> parameter. This is useful for testing. The "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"signal can be sent to either the sssd process or any sssd_be process "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "SIGUSR2"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "SIGUSR2"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Tells the SSSD to go online immediately. This is useful for testing. The "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"signal can be sent to either the sssd process or any sssd_be process "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"applications will not use the fast in memory cache."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sss_obfuscate"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sss_obfuscate"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "obfuscate a clear text password"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "平文パスワードをわかりにくくする"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable></arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable></arg>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_obfuscate</command> converts a given password into human-"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"unreadable format and places it into appropriate domain section of the SSSD "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_obfuscate</command> は、与えられたパスワードを人間が読みにくい形"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"式に変換して、SSSD 設定ファイルの適切なドメインセクションに置きます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The cleartext password is read from standard input or entered "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"interactively. The obfuscated password is put into "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>ldap_default_authtok_type</quote> parameter is set to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"citerefentry> for more details on these parameters."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"平文のパスワードは、標準入力から読み込まれます、または対話的に入力されます。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"解読しにくくされたパスワードが指定された SSSD ドメインの "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<quote>ldap_default_authtok</quote> パラメータに置かれます。また "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<quote>ldap_default_authtok_type</quote> パラメーターが "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<quote>obfuscated_password</quote> に設定されます。これらのパラメーターの詳細"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"は <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum> </citerefentry> を参照してください。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please note that obfuscating the password provides <emphasis>no real "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"security benefit</emphasis> as it is still possible for an attacker to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"reverse-engineer the password back. Using better authentication mechanisms "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"パスワードをわかりにくくしても、攻撃者がパスワードをリバースエンジニアリング"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"で復元できるため、<emphasis>実際のセキュリティ上の利点はありません</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"emphasis>。クライアントサイド証明書や GSSAPI のようなより良い認証機構を使用す"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ることを <emphasis>強く</emphasis> 推奨します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-s</option>,<option>--stdin</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-s</option>,<option>--stdin</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The password to obfuscate will be read from standard input."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "解読しにくくするパスワードが標準入力から読み込まれます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The SSSD domain to use the password in. The default name is <quote>default</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"パスワードに使用する SSSD ドメインです。名前の初期値は <quote>default</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Read the config file specified by the positional parameter."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "位置パラメーターにより指定された設定ファイルを読み込みます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: <filename>/etc/sssd/sssd.conf</filename>"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "sss_override"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "create local overrides of user and group attributes"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"<command>sss_override</command> enables to create a client-side view and "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"allows to change selected values of specific user and groups. This change "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"takes effect only on local machine."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"local overrides are lost. Please note that after the first override is "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"created using any of the following <emphasis>user-add</emphasis>, "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"take effect. <emphasis>sss_override</emphasis> prints message when a "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"restart is required."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "AVAILABLE COMMANDS"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Argument <emphasis>NAME</emphasis> is the name of original object in all "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"commands. It is not possible to override <emphasis>uid</emphasis> or "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"<emphasis>gid</emphasis> to 0."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"optional> <optional><option>-g,--gid</option> GID</optional> "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"CERTIFICATE</optional>"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Override attributes of an user. Please be aware that calling this command "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"will replace any previous override for the (NAMEd) user."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "<option>user-del</option> <emphasis>NAME</emphasis>"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Remove user overrides. However be aware that overridden attributes might be "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"returned from memory cache. Please see SSSD option "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<emphasis>memcache_timeout</emphasis> for more details."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"is set, only users from the domain are listed."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "<option>user-show</option> <emphasis>NAME</emphasis>"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Show user overrides."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "<option>user-import</option> <emphasis>FILE</emphasis>"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"similar to standard passwd file. The format is:"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"where original_name is original name of the user whose attributes should be "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"overridden. The rest of fields correspond to new values. You can omit a "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"value simply by leaving corresponding field empty."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "ckent:superman::::::"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "<option>user-export</option> <emphasis>FILE</emphasis>"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Export all overridden attributes and store them in <emphasis>FILE</"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"emphasis>. See <emphasis>user-import</emphasis> for data format."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Override attributes of a group. Please be aware that calling this command "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"will replace any previous override for the (NAMEd) group."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "<option>group-del</option> <emphasis>NAME</emphasis>"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Remove group overrides. However be aware that overridden attributes might be "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"returned from memory cache. Please see SSSD option "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<emphasis>memcache_timeout</emphasis> for more details."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"parameter is set, only groups from the domain are listed."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "<option>group-show</option> <emphasis>NAME</emphasis>"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Show group overrides."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "<option>group-import</option> <emphasis>FILE</emphasis>"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"similar to standard group file. The format is:"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "original_name:name:gid"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"where original_name is original name of the group whose attributes should be "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"overridden. The rest of fields correspond to new values. You can omit a "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"value simply by leaving corresponding field empty."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "admins:administrators:"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "Domain Users:Users:501"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "<option>group-export</option> <emphasis>FILE</emphasis>"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Export all overridden attributes and store them in <emphasis>FILE</"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"emphasis>. See <emphasis>group-import</emphasis> for data format."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "COMMON OPTIONS"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "Those options are available with all commands."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sss_useradd"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sss_useradd"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "create a new user"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "新しいユーザーを作成する"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_useradd</command> creates a new user account using the values "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"specified on the command line plus the default values from the system."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_useradd</command> は、コマンドラインにおいて指定された値とシステ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ムの初期値を使用して、新しいユーザーを作成します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"not given, it is chosen automatically."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ユーザーの UID を <replaceable>UID</replaceable> の値に設定します。与えられな"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"いと、自動的に選択されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Any text string describing the user. Often used as the field for the user's "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ユーザーを説明している任意のテキスト文字列です。しばしばユーザーの完全名の項"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The home directory of the user account. The default is to append the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"that as the home directory. The base that is prepended before "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"baseDirectory</quote> setting in sssd.conf."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ユーザーアカウントのホームディレクトリーです。初期値は <filename>/home</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"filename> に <replaceable>LOGIN</replaceable> の名前を追加して、ホームディレ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"クトリーとして使用します。 <replaceable>LOGIN</replaceable> の前につけるベー"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"スは sssd.conf において <quote>user_defaults/baseDirectory</quote> 設定で変更"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The user's login shell. The default is currently <filename>/bin/bash</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"filename>. The default can be changed with <quote>user_defaults/"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"defaultShell</quote> setting in sssd.conf."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ユーザーのログインシェルです。初期値は現在 <filename>/bin/bash</filename> で"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"す。初期値は sssd.conf において <quote>user_defaults/defaultShell</quote> で"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "A list of existing groups this user is also a member of."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "このユーザーがメンバーである既存のグループの一覧です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-m</option>,<option>--create-home</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-m</option>,<option>--create-home</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Create the user's home directory if it does not exist. The files and "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"directories contained in the skeleton directory (which can be defined with "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the -k option or in the config file) will be copied to the home directory."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ユーザーのホームディレクトリーが存在しなければ、それを作成します。(-k オプ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ションまたは設定ファイルで定義できる)スケルトンディレクトリーにあるファイル"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"とディレクトリーがホームディレクトリーにコピーされます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-M</option>,<option>--no-create-home</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-M</option>,<option>--no-create-home</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Do not create the user's home directory. Overrides configuration settings."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーのホームディレクトリーを作成しません。設定を上書きします。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The skeleton directory, which contains files and directories to be copied in "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the user's home directory, when the home directory is created by "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_useradd</command>."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"スケルトンディレクトリーです。ホームディレクトリーが <command>sss_useradd</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"command> により作成されるとき、ユーザーのホームディレクトリーにコピーされる"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ファイルとディレクトリーを含みます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek"Special files (block devices, character devices, named pipes and unix "
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek"sockets) will not be copied."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"特殊ファイル (ブロックデバイス、キャラクターデバイス、名前付きパイプおよび "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"UNIX ソケット) はコピーされません。"
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This option is only valid if the <option>-m</option> (or <option>--create-"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"home</option>) option is specified, or creation of home directories is set "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"to TRUE in the configuration."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-m</option> (または <option>--create-home</option>) オプションが指定"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"されたとき、またはホームディレクトリーの作成が設定において TRUE に設定されて"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"いる場合のみ、このオプションが有効です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-Z</option>,<option>--selinux-user</option> "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<replaceable>SELINUX_USER</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-Z</option>,<option>--selinux-user</option> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<replaceable>SELINUX_USER</replaceable>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The SELinux user for the user's login. If not specified, the system default "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"will be used."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ユーザーがログインする際の SELinux ユーザーです。未指定の場合、システムの初期"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sssd-krb5"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sssd-krb5"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "SSSD Kerberos provider"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This manual page describes the configuration of the Kerberos 5 "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"authentication backend for <citerefentry> <refentrytitle>sssd</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"manvolnum> </citerefentry> manual page."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"このマニュアルは <citerefentry> <refentrytitle>sssd</refentrytitle> "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<manvolnum>8</manvolnum> </citerefentry> に対する Kerberos 5 認証バックエンド"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"の設定を説明しています。詳細な構文の参考資料は、<citerefentry> "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"citerefentry> マニュアルページの <quote>ファイル形式</quote> セクションを参照"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The Kerberos 5 authentication backend contains auth and chpass providers. It "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"must be paired with an identity provider in order to function properly (for "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"example, id_provider = ldap). Some information required by the Kerberos 5 "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"authentication backend must be provided by the identity provider, such as "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"the user's Kerberos Principal Name (UPN). The configuration of the identity "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"provider should have an entry to specify the UPN. Please refer to the man "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"page for the applicable identity provider for details on how to configure "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"Kerberos 5 認証バックエンドは認証プロバイダーおよびパスワード変更プロバイダー"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"を含みます。正しく機能するためには識別プロバイダーと組み合わせて使用する必要"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"があります (たとえば、id_provider = ldap)。Kerberos 5 認証バックエンドにより"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"必要とされるいくつかの情報は、ユーザーの Kerberos プリンシパル名 (UPN) のよう"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"な、識別プロバイダーにより提供される必要があります。識別プロバイダーの設定は "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"UPN を指定するためのエントリーがある必要があります。これを設定する方法に関す"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"る詳細は適用可能な識別プロバイダーのマニュアルページを参照してください。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This backend also provides access control based on the .k5login file in the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please note that an empty .k5login file will deny all access to this user. "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"To activate this feature, use 'access_provider = krb5' in your SSSD "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"configuration."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"このバックエンドは、ユーザーのホームディレクトリーにある .k5login ファイルに"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"基づいたアクセス制御を提供します。詳細は <citerefentry> <refentrytitle>."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"k5login</refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してく"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"ださい。空の .k5login ファイルがあると、このユーザーに対するすべてのアクセス"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"が拒否されます。この機能を有効にするには、SSSD 設定において 'access_provider "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"= krb5' を使用します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"In the case where the UPN is not available in the identity backend, "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sssd</command> will construct a UPN using the format "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"UPN が識別バックエンドにおいて利用できない場合、<command>sssd</command> は形"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"式 <replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable> "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"を使用して UPN を構築します。"
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"Specifies the comma-separated list of IP addresses or hostnames of the "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"Kerberos servers to which SSSD should connect, in the order of preference. "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"For more information on failover and server redundancy, see the "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"colon) may be appended to the addresses or hostnames. If empty, service "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"discovery is enabled; for more information, refer to the <quote>SERVICE "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"DISCOVERY</quote> section."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"SSSD が接続したい Kerberos サーバー(優先順)の IP アドレスまたはホスト名のカンマ区"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"切り一覧を指定します。フェールオーバーおよびサーバー冗長化に関する詳細は "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<quote>FAILOVER</quote> セクションを参照してください。ポート番号(コロンの後"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"ろ)をオプションとして、アドレスやホスト名の後ろに付けることもできます。これ"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"が無ければ、サービス探索が有効になっています。詳細は <quote>サービス探索</"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"quote> のセクションを参照してください。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The name of the Kerberos realm. This option is required and must be "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "Kerberos レルムの名前です。このオプションは指定する必要があります。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "krb5_kpasswd, krb5_backup_kpasswd (string)"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "krb5_kpasswd, krb5_backup_kpasswd (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"If the change password service is not running on the KDC, alternative "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"servers can be defined here. An optional port number (preceded by a colon) "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"may be appended to the addresses or hostnames."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"パスワード変更サービスが KDC において実行されていなければ、代替サーバーがここ"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"で指定できます。オプションのポート番号が(コロンに続けて)アドレスまたはホス"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For more information on failover and server redundancy, see the "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"servers to try, the backend is not switched to operate offline if "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"authentication against the KDC is still possible."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"フェイルオーバーとサーバー冗長性に関する詳細は、<quote>フェイルオーバー</"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"quote>のセクションを参照してください。注:KDC に対する認証がまだ可能であるな"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"らば、たとえ試行できる kpasswd サーバーがもうなかったとしても、バックエンドはオ"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"フラインに切り替わらないことに注意してください。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: Use the KDC"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: KDC を使用します"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_ccachedir (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "krb5_ccachedir (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Directory to store credential caches. All the substitution sequences of "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"krb5_ccname_template can be used here, too, except %d and %P. The directory "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"is created as private and owned by the user, with permissions set to 0700."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: /tmp"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: /tmp"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_ccname_template (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "krb5_ccname_template (文字列)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "login name"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgstr "ログイン名"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "login UID"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ログイン UID"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "principal name"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "プリンシパル名"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "realm name"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "home directory"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ホームディレクトリー"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "value of krb5_ccachedir"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#: sssd-krb5.5.xml:193 include/override_homedir.xml:31
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "the process ID of the SSSD client"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "SSSD クライアントのプロセス ID"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#: sssd-krb5.5.xml:199 include/override_homedir.xml:49
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#: sssd-krb5.5.xml:200 include/override_homedir.xml:50
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "a literal '%'"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgstr "文字 '%'"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"Location of the user's credential cache. Three credential cache types are "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"<quote>KEYRING:persistent</quote>. The cache can be specified either as "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"implies the <quote>FILE</quote> type. In the template, the following "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"filename in a safe way."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"persistent:%U</quote>, which uses the Linux kernel keyring to store "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"credentials on a per-UID basis. This is also the recommended choice, as it "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"is the most secure and predictable method."
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"The default value for the credential cache name is sourced from the profile "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"stored in the system wide krb5.conf configuration file in the [libdefaults] "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"section. The option name is default_ccache_name. See krb5.conf(5)'s "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"PARAMETER EXPANSION paragraph for additional information on the expansion "
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek"format defined by krb5.conf."
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"NOTE: Please be aware that libkrb5 ccache expansion template from "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"manvolnum> </citerefentry> uses different expansion sequences than SSSD."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozekmsgid "Default: (from libkrb5)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_auth_timeout (integer)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "krb5_auth_timeout (整数)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"Timeout in seconds after an online authentication request or change password "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"request is aborted. If possible, the authentication request is continued "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"オンライン認証要求またはパスワード変更要求が中止されるまでの秒単位のタイムアウトで"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"す。可能ならば、認証要求がオフラインで継続されます。"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "krb5_validate (boolean)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgstr "krb5_validate (論理値)"
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"Verify with the help of krb5_keytab that the TGT obtained has not been "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"spoofed. The keytab is checked for entries sequentially, and the first entry "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"with a matching realm is used for validation. If no entry matches the realm, "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"the last entry in the keytab is used. This process can be used to validate "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"environments using cross-realm trust by placing the appropriate keytab entry "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"as the last entry or the only entry in the keytab file."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_keytab (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "krb5_keytab (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The location of the keytab to use when validating credentials obtained from "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"KDC から取得したクレディンシャルを検証するときに使用されるキーテーブルの場所"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_store_password_if_offline (boolean)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "krb5_store_password_if_offline (論理値)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Store the password of the user if the provider is offline and use it to "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"request a TGT when the provider comes online again."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"NOTE: this feature is only available on Linux. Passwords stored in this way "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"are kept in plaintext in the kernel keyring and are potentially accessible "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"by the root user (with difficulty)."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_renewable_lifetime (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "krb5_renewable_lifetime (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"Request a renewable ticket with a total lifetime, given as an integer "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"immediately followed by a time unit:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "<emphasis>s</emphasis> for seconds"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "秒は <emphasis>s</emphasis>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "<emphasis>m</emphasis> for minutes"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "分は <emphasis>m</emphasis>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "<emphasis>h</emphasis> for hours"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "時間は <emphasis>h</emphasis>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "<emphasis>d</emphasis> for days."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "日は <emphasis>d</emphasis>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "単位が指定されていないと、<emphasis>s</emphasis> と仮定されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"and a half hours, use '90m' instead of '1h30m'."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"注: 単位を混在できないことに注意してください。更新可能な生存期間を1時間30分に"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"指定したい場合、'1h30m' の代わりに '90m' を使用します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: not set, i.e. the TGT is not renewable"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 設定されません、つまり TGT は更新可能ではありません"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_lifetime (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "krb5_lifetime (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"Request ticket with a lifetime, given as an integer immediately followed by "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"a time unit:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "If there is no unit given <emphasis>s</emphasis> is assumed."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "単位が指定されていないと、<emphasis>s</emphasis> と仮定されます。"
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"NOTE: It is not possible to mix units. To set the lifetime to one and a "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"half hours please use '90m' instead of '1h30m'."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"注: 単位を混在できないことに注意してください。生存期間を1時間30分に"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"指定したい場合、'1h30m' の代わりに '90m' を使用してください。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Default: not set, i.e. the default ticket lifetime configured on the KDC."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"初期値: 設定されません、つまり KDC において設定されているチケット有効期間の初"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "krb5_renew_interval (string)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "krb5_renew_interval (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The time in seconds between two checks if the TGT should be renewed. TGTs "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"are renewed if about half of their lifetime is exceeded, given as an integer "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"immediately followed by a time unit:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "If this option is not set or is 0 the automatic renewal is disabled."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"このオプションが設定されていない場合、または 0 に設定されている場合、自動更新"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "krb5_use_fast (string)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgstr "krb5_use_fast (文字列)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"authentication. The following options are supported:"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Kerberos の事前認証のために flexible authentication secure tunneling (FAST) "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"を有効化します。以下のオプションがサポートされます:"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"option at all."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<emphasis>never</emphasis> は FAST を使用しません。このオプションを何も設定しな"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"continue the authentication without it."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<emphasis>try</emphasis> は FAST の使用を試みます。サーバーが FAST をサポートして"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"いなければ、FAST を使用せずに認証を続行します。"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"server does not require fast."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<emphasis>demand</emphasis> は FAST を使用します。サーバーが FAST を要求しな"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"ければ、認証が失敗します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Default: not set, i.e. FAST is not used."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "初期値: 設定されません、つまり FAST が使用されません。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozekmsgid "NOTE: a keytab is required to use FAST."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "注: FAST を使用するにはキーテーブルが必要です。"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"SSSD is used with an older version of MIT Kerberos, using this option is a "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"configuration error."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"注: SSSD は MIT Kerberos バージョン 1.8 およびそれ以降のみで FAST をサポート"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"します。SSSD が古いバージョンの MIT Kerberos を使用している場合、このオプショ"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"ンを使用すると設定エラーになります。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "krb5_fast_principal (string)"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "krb5_fast_principal (文字列)"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Specifies the server principal to use for FAST."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "FAST に対して使用するサーバープリンシパルを指定します。"
3a8abe04137d028b8ebd1cb33152aefa55893efbStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
bdd205037059e56484de3174951b22ff8f0f79f8Stephen Gallagher"Specifies if the host and user principal should be canonicalized. This "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"feature is available with MIT Kerberos 1.7 and later versions."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"ホストとユーザーのプリンシパルが正規化されるかどうかを指定します。この機能は "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"MIT Kerberos 1.7 およびそれ以降で利用可能です。"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "krb5_use_enterprise_principal (boolean)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgstr "krb5_use_enterprise_principal (論理値)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Specifies if the user principal should be treated as enterprise principal. "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"See section 5 of RFC 6806 for more details about enterprise principals."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"ユーザープリンシパルをエンタープライズプリンシパルとして取り扱うかどうかを指"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"定します。エンタープライズプリンシパルの詳細は RFC 6806 のセクション 5 を参照"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Default: false (AD provider: true)"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"The IPA provider will set this option to 'true' if it detects that the server "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"is capable of handling enterprise principals and the option is not set "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"explicitly in the config file."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozekmsgid "krb5_map_user (string)"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"The list of mappings is given as a comma-separated list of pairs "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"name and <quote>primary</quote> is a user part of a kerberos principal. This "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"mapping is used when user is authenticating using <quote>auth_provider = "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"krb5</quote>."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"krb5_realm = REALM\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"krb5_map_user = joe:juser,dick:richard\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"If the auth-module krb5 is used in an SSSD domain, the following options "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"must be used. See the <citerefentry> <refentrytitle>sssd.conf</"
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"認証モジュール krb5 が SSSD ドメインにおいて使用されていると、以下のオプショ"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"ンを使用する必要があります。 SSSD ドメインの設定における詳細は "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"manvolnum> </citerefentry> マニュアルページの <quote>ドメインセクション</"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"quote> を参照してください。 <placeholder type=\"variablelist\" id=\"0\"/>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The following example assumes that SSSD is correctly configured and FOO is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
e5c33e0bd03a2deb8e5011deeb3ae93f960910eeJakub Hrozek"example shows only configuration of Kerberos authentication; it does not "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"include any identity provider."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"以下の例は、SSSD が正しく設定され、FOO が <replaceable>[sssd]</replaceable> "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"セクションにあるドメインの 1 つであると仮定しています。この例は Kerberos 認証"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"の設定のみを示し、識別プロバイダーを何も含みません。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"auth_provider = krb5\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"krb5_server = 192.168.1.1\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"krb5_realm = EXAMPLE.COM\n"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sss_groupadd"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sss_groupadd"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "create a new group"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "新しいグループを作成する"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_groupadd</command> creates a new group. These groups are "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"compatible with POSIX groups, with the additional feature that they can "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"contain other groups as members."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_groupadd</command> が新しいグループを作成します。これらのグルー"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"プは POSIX グループと互換性があり、他のグループをメンバーとして含められる追加"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Set the GID of the group to the value of <replaceable>GID</replaceable>. If "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"not given, it is chosen automatically."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"グループの GID を <replaceable>GID</replaceable> の値に設定します。与えられな"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"いと、自動的に選択されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sss_userdel"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sss_userdel"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "delete a user account"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーアカウントを削除する"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_userdel</command> deletes a user identified by login name "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<replaceable>LOGIN</replaceable> from the system."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_userdel</command> はログイン名 <replaceable>LOGIN</replaceable> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"により識別されるユーザーをシステムから削除します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-r</option>,<option>--remove</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-r</option>,<option>--remove</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Files in the user's home directory will be removed along with the home "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"directory itself and the user's mail spool. Overrides the configuration."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ユーザーのホームディレクトリーにあるファイルは、それ自身のホームディレクト"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"リーとユーザーのメールスプールとともに削除されます。設定が上書きされます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-R</option>,<option>--no-remove</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-R</option>,<option>--no-remove</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Files in the user's home directory will NOT be removed along with the home "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"directory itself and the user's mail spool. Overrides the configuration."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ユーザーのホームディレクトリーにあるファイルは、それ自身のホームディレクト"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"リーとユーザーのメールスプールとともに削除されません。設定が上書きされます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-f</option>,<option>--force</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-f</option>,<option>--force</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"This option forces <command>sss_userdel</command> to remove the user's home "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"directory and mail spool, even if they are not owned by the specified user."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"このオプションは、指定されたユーザーにより所有されていないものさえ、"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_userdel</command> がユーザーのホームディレクトリーとメールスプー"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ルを削除するよう強制します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-k</option>,<option>--kick</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-k</option>,<option>--kick</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Before actually deleting the user, terminate all his processes."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "実際にユーザーを削除する前に、そのプロセスをすべて停止します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sss_groupdel"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sss_groupdel"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "delete a group"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "グループを削除する"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_groupdel</command> deletes a group identified by its name "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<replaceable>GROUP</replaceable> from the system."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_groupdel</command> は名前 <replaceable>GROUP</replaceable> によ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"り識別されるグループをシステムから削除します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sss_groupshow"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sss_groupshow"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "print properties of a group"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "グループのプロパティーを表示します"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_groupshow</command> displays information about a group "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"identified by its name <replaceable>GROUP</replaceable>. The information "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"includes the group ID number, members of the group and the parent group."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_groupshow</command> はその名前 <replaceable>GROUP</replaceable> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"により識別されるグループに関する情報を表示します。情報はグループ ID 番号、グ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ループのメンバーおよび親グループを含みます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-R</option>,<option>--recursive</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-R</option>,<option>--recursive</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Also print indirect group members in a tree-like hierarchy. Note that this "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"also affects printing parent groups - without <option>R</option>, only the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"direct parent will be printed."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ツリー階層形式で間接的なグループメンバーも表示します。これは親グループの表示"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"にも影響を与えることに注意してください - <option>R</option> を指定しないと、"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"直接の親のみが表示されます。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "sss_usermod"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sss_usermod"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "modify a user account"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーアカウントを修正します"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<command>sss_usermod</command> modifies the account specified by "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"on the command line."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_usermod</command> は、コマンドラインにおいて指定された変更を反映"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"するために、 <replaceable>LOGIN</replaceable> により指定されたアカウントを変更します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The home directory of the user account."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーアカウントのホームディレクトリーです。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The user's login shell."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーのログインシェルです。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Append this user to groups specified by the <replaceable>GROUPS</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"a comma separated list of group names."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"このユーザーを <replaceable>GROUPS</replaceable> パラメーターにより指定された"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"グループに追加します。 <replaceable>GROUPS</replaceable> パラメーターはグルー"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"プ名のカンマ区切り一覧です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Remove this user from groups specified by the <replaceable>GROUPS</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"replaceable> parameter."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<replaceable>GROUPS</replaceable> パラメーターにより指定されたグループからこのユーザーを削除します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-l</option>,<option>--lock</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-l</option>,<option>--lock</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Lock the user account. The user won't be able to log in."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーアカウントをロックします。ユーザーはログインできなくなります。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<option>-u</option>,<option>--unlock</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-u</option>,<option>--unlock</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Unlock the user account."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーアカウントのロックを解除します。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The SELinux user for the user's login."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ユーザーのログインのための SELinux ユーザーです。"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "Add an attribute/value pair. The format is attrname=value."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"Set an attribute to a name/value pair. The format is attrname=value. For "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"multi-valued attributes, the command replaces the values already present"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "Delete an attribute/value pair. The format is attrname=value."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "sss_cache"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sss_cache"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "perform cache cleanup"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "キャッシュクリーンアップを実行する"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"records are forced to be reloaded from server as soon as related SSSD "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"backend is online. Options that invalidate a single object only accept a "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"single provided argument."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozekmsgid "<option>-E</option>,<option>--everything</option>"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "<option>-E</option>,<option>--everything</option>"
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozekmsgid "Invalidate all cached entries."
d6d50c17e94dc0d3000345e8a933311c14bbb828Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "Invalidate specific user."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "特定のユーザーを無効にします。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<option>-U</option>,<option>--users</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-U</option>,<option>--users</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Invalidate all user records. This option overrides invalidation of specific "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"user if it was also set."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"すべてのユーザーレコードを無効にします。このオプションも設定されていると、こ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"れが特定のユーザーの無効化を上書きします。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "Invalidate specific group."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "特定のグループを無効にします。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<option>-G</option>,<option>--groups</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-G</option>,<option>--groups</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Invalidate all group records. This option overrides invalidation of specific "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"group if it was also set."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"すべてのグループレコードを無効にします。このオプションも設定されていると、こ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"れが特定のグループの無効化を上書きします。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "Invalidate specific netgroup."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "特定のネットワークグループを無効にします。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "<option>-N</option>,<option>--netgroups</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<option>-N</option>,<option>--netgroups</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Invalidate all netgroup records. This option overrides invalidation of "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"specific netgroup if it was also set."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"すべてのネットワークグループレコードを無効にします。このオプションが設定され"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ていると、これが特定のネットワークグループの無効化を上書きします。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<option>-s</option>,<option>--service</option> <replaceable>service</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<option>-s</option>,<option>--service</option> <replaceable>service</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"replaceable>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Invalidate specific service."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "特定のサービスを無効化します。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "<option>-S</option>,<option>--services</option>"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "<option>-S</option>,<option>--services</option>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Invalidate all service records. This option overrides invalidation of "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"specific service if it was also set."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"すべてのサービスレコードを無効にします。このオプションも設定されていると、こ"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"れが特定のサービスの無効化を上書きします。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"replaceable>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Invalidate specific autofs maps."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "特定の autofs マップを無効化します。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "<option>-A</option>,<option>--autofs-maps</option>"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "<option>-A</option>,<option>--autofs-maps</option>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Invalidate all autofs maps. This option overrides invalidation of specific "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"map if it was also set."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"すべての autofs マップを無効化します。このオプションは特定のマップが設定され"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"ていても、その無効化を上書きします。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"replaceable>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Invalidate SSH public keys of a specific host."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "<option>-H</option>,<option>--ssh-hosts</option>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Invalidate SSH public keys of all hosts. This option overrides invalidation "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"of SSH public keys of specific host if it was also set."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"replaceable>"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Invalidate particular sudo rule."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "<option>-R</option>,<option>--sudo-rules</option>"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Invalidate all cached sudo rules. This option overrides invalidation of "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"specific sudo rule if it was also set."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "Restrict invalidation process only to a particular domain."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "無効化プロセスを特定のドメインのみに制限します。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "sss_debuglevel"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sss_debuglevel"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "change debug level while SSSD is running"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "[DEPRECATED] change debug level while SSSD is running"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "[非推奨] SSSD が実行中にデバッグレベルを変更する"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable></arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable></arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"debug-level command. Please refer to the <command>sssctl</command> man page "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"for more information on sssctl usage."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "sss_seed"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "sss_seed"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "seed the SSSD cache with a user"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<command>sss_seed</command> seeds the SSSD cache with a user entry and "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"temporary password. If a user entry is already present in the SSSD cache "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"then the entry is updated with the temporary password."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"replaceable>"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"replaceable>"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"Provide the name of the domain in which the user is a member of. The domain "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"is also used to retrieve user information. The domain must be configured in "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"Information retrieved from the domain overrides what is provided in the "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<option>-n</option>,<option>--username</option> <replaceable>USER</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"replaceable>"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"<option>-n</option>,<option>--username</option> <replaceable>USER</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"replaceable>"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"The username of the entry to be created or modified in the cache. The "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<replaceable>USER</replaceable> option must be provided."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "Set the UID of the user to <replaceable>UID</replaceable>."
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "ユーザーの UID を <replaceable>UID</replaceable> に設定します。"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "Set the GID of the user to <replaceable>GID</replaceable>."
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "ユーザーの GID を <replaceable>GID</replaceable> に設定します。"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>."
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"ユーザーのホームディレクトリーを <replaceable>HOME_DIR</replaceable> に設定し"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgid "Set the login shell of the user to <replaceable>SHELL</replaceable>."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"Interactive mode for entering user information. This option will only prompt "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"for information not provided in the options or retrieved from the domain."
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"replaceable>"
bf9abef629707167d39fcc92ec9c18a6244b27b8Jakub Hrozek"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</"
bf9abef629707167d39fcc92ec9c18a6244b27b8Jakub Hrozek"replaceable>"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"Specify file to read user's password from. (if not specified password is "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"prompted for)"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"The length of the password (or the size of file specified with -p or --"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"on systems with no globally-defined PASS_MAX value)."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "sssd-ifp"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "SSSD InfoPipe responder"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"This manual page describes the configuration of the InfoPipe responder for "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The InfoPipe responder provides a public D-Bus interface accessible over the "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"system bus. The interface allows the user to query information about remote "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"users and groups over the system bus."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "These options can be used to configure the InfoPipe responder."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Specifies the comma-separated list of UID values or user names that are "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Please note that although the UID 0 is used as the default it will be "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"overwritten with this option. If you still want to allow the root user to "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"access the InfoPipe responder, which would be the typical case, you have to "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"add 0 to the list of allowed UIDs as well."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Specifies the comma-separated list of white or blacklisted attributes."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "user's login name"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "uidNumber"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "user ID"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "gidNumber"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "primary group ID"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "gecos"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "user information, typically full name"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "homeDirectory"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "loginShell"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "user shell"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"By default, the InfoPipe responder only allows the default set of POSIX "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"attributes to be requested. This set is the same as returned by "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"user_attributes = +telephoneNumber, -loginShell\n"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"It is possible to add another attribute to this set by using <quote>"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"+attr_name</quote> or explicitly remove an attribute using <quote>-"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"deny <quote>loginShell</quote>, you would use the following configuration: "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Default: not set. Only the default set of POSIX attributes is allowed."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Specifies an upper limit on the number of entries that are downloaded during "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"a wildcard lookup that overrides caller-supplied limit."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "Default: 0 (let the caller set an upper limit)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refentryinfo>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "sss_rpcidmapd"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "sss plugin configuration directives for rpc.idmapd"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "CONFIGURATION FILE"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "SSS CONFIGURATION EXTENSION"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Enable SSS plugin"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"attribute to contain <emphasis>sss</emphasis>."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "[sss] config section"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"In order to change the default of one of the configuration attributes of the "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<emphasis>sss</emphasis> plugin listed below you will need to create a "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"config section for it, named <quote>[sss]</quote>."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Configuration attributes"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "memcache (bool)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Indicates whether or not to use memcache optimisation technique."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "SSSD INTEGRATION"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"The attribute <quote>use_fully_qualified_names</quote> must be enabled on "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"all domains (NFSv4 clients expect a fully qualified name to be sent on the "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"[General]\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Verbosity = 2\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"# domain must be synced between NFSv4 server and clients\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"# Solaris/Illumos/AIX use \"localdomain\" as default!\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Domain = default\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"[Mapping]\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Nobody-User = nfsnobody\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Nobody-Group = nfsnobody\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"[Translation]\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Method = sss\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"The following example shows a minimal idmapd.conf which makes use of the sss "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"plugin. <placeholder type=\"programlisting\" id=\"0\"/>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <refsect1><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "SEE ALSO"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgstr "関連項目"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "sss_ssh_authorizedkeys"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sss_ssh_authorizedkeys"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refmeta><manvolnum>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "get OpenSSH authorized keys"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "OpenSSH 認可キーを取得する"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<replaceable>options</replaceable> </arg> <arg "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"choice='plain'><replaceable>USER</replaceable></arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<replaceable>options</replaceable> </arg> <arg "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"choice='plain'><replaceable>USER</replaceable></arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> for more information)."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_ssh_authorizedkeys</command> はユーザー <replaceable>USER</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"replaceable> の SSH 公開鍵を取得して、 OpenSSH authorized_keys 形式に出力しま"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"す (詳細は <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum></citerefentry> の <quote>AUTHORIZED_KEYS FILE FORMAT</quote> セク"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ションを参照してください)。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"command> for public key user authentication if it is compiled with support "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"manvolnum></citerefentry> man page for more details about this option."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek" AuthorizedKeysCommandUser nobody\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"If <quote>AuthorizedKeysCommand</quote> is supported, "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"citerefentry> can be configured to use it by putting the following "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"\" id=\"0\"/>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"SSSD ドメイン <replaceable>DOMAIN</replaceable> にあるユーザーの公開鍵を検索"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "EXIT STATUS"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "終了コード"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refname>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "sss_ssh_knownhostsproxy"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "sss_ssh_knownhostsproxy"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refnamediv><refpurpose>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "get OpenSSH host keys"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "OpenSSH ホストキーを取得します"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<replaceable>options</replaceable> </arg> <arg "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<replaceable>options</replaceable> </arg> <arg "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"pubconf/known_hosts</filename> and establishes the connection to the host."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"create the connection to the host instead of opening a socket."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<replaceable>PROXY_COMMAND</replaceable> が指定されていると、ソケットを開く代"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"わりにホストへの接続を作成するために使用されます。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para><programlisting>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
7797e361155f7ce937085fd98e360469d7baf1b6Jakub Hrozek"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"command> for host key authentication by using the following directives for "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"citerefentry> は <citerefentry><refentrytitle>ssh</refentrytitle> "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<manvolnum>1</manvolnum></citerefentry> 設定に対して以下のディレクティブを使"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"用することにより、ホストキー認証に <command>sss_ssh_knownhostsproxy</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"command> を使用するために設定できます: <placeholder type=\"programlisting\" "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Use port <replaceable>PORT</replaceable> to connect to the host. By "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"default, port 22 is used."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ホストに接続するためにポート <replaceable>PORT</replaceable> を使用します。初"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"期値ではポート 22 が使用されます。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"SSSD ドメイン <replaceable>DOMAIN</replaceable> においてホスト公開鍵を検索し"
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozekmsgid "idmap_sss"
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "SSSD's idmap_sss Backend for Winbind"
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. "
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek"No database is required in this case as the mapping is done by SSSD."
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozekmsgid "IDMAP OPTIONS"
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozekmsgid "range = low - high"
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Defines the available matching UID and GID range for which the backend is "
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek"authoritative."
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek"This example shows how to configure idmap_sss as the default mapping module."
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><programlisting>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"security = domain\n"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"workgroup = MAIN\n"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"idmap config * : backend = sss\n"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"idmap config * : range = 200000-2147483647\n"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozekmsgid "sssctl"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozekmsgid "SSSD control and status utility"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"<command>sssctl</command> provides a simple and unified way to obtain "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"information about SSSD status, such as active server, auto-discovered "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"servers, domains and cached objects. In addition, it can manage SSSD data "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"files for troubleshooting in such a way that is safe to manipulate while "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"SSSD is running."
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"To list all available commands run <command>sssctl</command> without any "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"parameters. To print help for selected command run <command>sssctl COMMAND --"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"help</command>."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozekmsgid "sssd-files"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozekmsgid "SSSD files provider"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"This manual page describes the files provider for <citerefentry> "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"The files provider mirrors the content of the <citerefentry> "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"provider is to make the users and groups traditionally only accessible with "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"NSS interfaces also available through the SSSD interfaces such as "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"manvolnum> </citerefentry>."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"The files provider has no specific options of its own, however, generic SSSD "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"domain options can be set where applicable. Refer to the section "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"for details on the configuration of an SSSD domain."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"The following example assumes that SSSD is correctly configured and files is "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"one of the domains in the <replaceable>[sssd]</replaceable> section."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"id_provider = files\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "sssd-secrets"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "SSSD Secrets responder"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"This manual page describes the configuration of the Secrets responder for "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Many system and user applications need to store private information such as "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"passwords or service keys and have no good way to properly deal with them. "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The simple approach is to embed these <quote>secrets</quote> into "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"configuration files potentially ending up exposing sensitive key material to "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"backups, config management system and in general making it harder to secure "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The <ulink url=\"https://github.com/latchset/custodia\">custodia</ulink> "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"project was born to deal with this problem in cloud like environments, but "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"we found the idea compelling even at a single system level. As a security "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"service, SSSD is ideal to host this capability while offering the same API "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"via a UNIX Socket. This will make it possible to use local calls and have "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"them transparently routed to a local or a remote key management store like "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"IPA Vault for storage, escrow and recovery."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The secrets are simple key-value pairs. Each user's secrets are namespaced "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"using their user ID, which means the secrets will never collide between "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"users. Secrets can be stored inside <quote>containers</quote> which can be "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "secrets"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "secrets for general usage"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "permissions on a newly created home directory."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<manvolnum>8</manvolnum> </citerefentry> service."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<citerefentry> <refentrytitle>sssd-kcm</refentrytitle> <manvolnum>8</manvolnum> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"</citerefentry> サービスにより使用されます。"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Since the secrets responder can be used both externally to store general "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"secrets, as described in the rest of this man page, but also internally by "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"other SSSD components to store their secret material, some configuration "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"options, like quotas can be configured per <quote>hive</quote> in a "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"configuration subsection named after the hive. The currently supported hives "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"are: <placeholder type=\"variablelist\" id=\"0\"/>"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "USING THE SECRETS RESPONDER"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The UNIX socket the SSSD responder listens on is located at <filename>/var/"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"systemctl start sssd-secrets.socket\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"systemctl enable sssd-secrets.socket\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"systemctl enable sssd-secrets.service\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The secrets responder is socket-activated by <citerefentry> "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"citerefentry>. Unlike other SSSD responders, it cannot be started by adding "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"the <quote>secrets</quote> string to the <quote>service</quote> directive. "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The systemd socket unit is called <quote>sssd-secrets.socket</quote> and the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"corresponding service file is called <quote>sssd-secrets.service</quote>. In "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"order for the service to be socket-activated, make sure the socket is "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"enabled and active and the service is enabled: <placeholder type="
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"\"programlisting\" id=\"0\"/> Please note your distribution may already "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"configure the units for you."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The generic SSSD responder options such as <quote>debug_level</quote> or "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"<quote>fd_limit</quote> are accepted by the secrets responder. Please refer "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"to the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"manvolnum> </citerefentry> manual page for a complete list. In addition, "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"there are some secrets-specific options as well."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The secrets responder is configured with a global <quote>[secrets]</quote> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"in <filename>sssd.conf</filename>. Please note that some options, notably "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the provider type, can only be specified in the per-user subsections."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "provider (string)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "local"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The secrets are stored in a local database, encrypted at rest with a master "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"key. The local provider does not have any additional config options at the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "proxy"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The secrets responder forwards the requests to a Custodia server. The proxy "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"provider supports several additional options (see below)."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"This option specifies where the secrets should be stored. The secrets "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"responder can configure per-user subsections (e.g. <quote>[secrets/"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"users/123]</quote> - see bottom of this manual page for a full example using "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Custodia for a particular user) that define which provider stores the secrets "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"for this particular user. The per-user subsections should contain all "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"options for that user's provider. Please note that currently the global "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"provider is always local, the proxy provider can only be specified in a per-"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"user section. The following providers are supported: <placeholder type="
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"\"variablelist\" id=\"0\"/>"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Default: local"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The following options affect only the secrets <quote>hive</quote> and "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"therefore should be set in a per-hive subsection. Setting the option to 0 "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"means \"unlimited\"."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "containers_nest_level (integer)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "This option specifies the maximum allowed number of nested containers."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Default: 4"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "max_secrets (integer)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This option specifies the maximum number of secrets that can be stored in "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: 1024 (secrets hive), 256 (kcm hive)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "pam_id_timeout (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "max_uid_secrets (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "max_uid_secrets (整数)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This option specifies the maximum number of secrets that can be stored per-"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"UID in the hive."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: 256 (secrets hive), 64 (kcm hive)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "max_payload_size (integer)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"This option specifies the maximum payload size allowed for a secret payload "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"in kilobytes."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"max_payload_size = 128\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"max_payload_size = 256\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"For example, to adjust quotas differently for both the <quote>secrets</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"quote> and the <quote>kcm</quote> hives, configure the following: "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The following options are only applicable for configurations that use the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"<quote>proxy</quote> provider."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "proxy_url (string)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
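0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The URL the Custodia server is listening on. At the moment, http and https "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"protocols are supported. Over plain http, the secrets and the authentication "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"credentials are sent unencrypted, so prefer https."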
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "http[s]://<host>[:port]"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "auth_type (string)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The method to use when authenticating to a Custodia server. The following "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"authentication methods are supported:"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "basic_auth"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Authenticate with a username and a password as set in the <quote>username</"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"quote> and <quote>password</quote> options."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "header"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Authenticate with HTTP header value as defined in the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"configuration options."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "auth_header_name (string)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"If set, the secrets responder would put a header with this name into the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"HTTP request with the value defined in the <quote>auth_header_value</quote> "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"configuration option."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Example: MYSECRETNAME"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "auth_header_value (string)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The value sssd-secrets would use for the <quote>auth_header_name</quote>."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Example: mysecret"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "forward_headers (list of strings)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The list of HTTP headers to forward to the Custodia server together with the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "verify_peer (boolean)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Whether the peer's certificate must be verified as valid when the HTTPS "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"protocol is used with the proxy provider."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "verify_host (boolean)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Whether peer's hostname must match with hostname in its certificate if HTTPS "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"protocol is used with the proxy provider."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "capath (string)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Path to directory containing stored certificate authority certificates. "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"System default path is used if this option is not set."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "cacert (string)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Path to file containing server's certificate authority certificate. If this "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"option is not set then the CA's certificate is looked up in <quote>capath</"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "cert (string)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Path to file containing client's certificate if required by the server. This "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"file may also contain private key or the private key may be in separate file "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"set with <quote>key</quote>."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "key (string)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Path to file containing client's private key."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "USING THE REST API"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"This section lists the available commands and includes examples using the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"</citerefentry> utility. All requests towards the proxy provider must set "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"the Content Type header to <quote>application/json</quote>. In addition, the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"local provider also supports Content Type set to <quote>application/octet-"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"stream</quote>. Secrets stored with requests that set the Content Type "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"header to <quote>application/octet-stream</quote> are base64-encoded when "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"stored and decoded when retrieved, so it's not possible to store a secret "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"with one Content Type and retrieve with another. The secret URI must begin "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"with <filename>/secrets/</filename>."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Listing secrets"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"To list the available secrets, send a HTTP GET request with a trailing slash "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"appended to the container path."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"curl -H \"Content-Type: application/json\" \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" --unix-socket /var/run/secrets.socket \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Retrieving a secret"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"To read a value of a single secret, send a HTTP GET request without a "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"trailing slash. The last portion of the URI is the name of the secret."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"curl -H \"Content-Type: application/json\" \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" --unix-socket /var/run/secrets.socket \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"curl -H \"Content-Type: application/octet-stream\" \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" --unix-socket /var/run/secrets.socket \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"\"programlisting\" id=\"1\"/>"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Setting a secret"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"To set a secret using the <quote>application/json</quote> type, send a HTTP "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"PUT request with a JSON payload that includes type and value. The type "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"should be set to \"simple\" and the value should be set to the secret value. "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"If a secret with that name already exists, the response is a 409 HTTP error."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The <quote>application/json</quote> type just sends the secret as the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"message payload."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"curl -H \"Content-Type: application/json\" \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" --unix-socket /var/run/secrets.socket \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" -d'{\"type\":\"simple\",\"value\":\"foosecret\"}'\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"curl -H \"Content-Type: application/octet-stream\" \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" --unix-socket /var/run/secrets.socket \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" -d'barsecret'\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The following example sets a secret named 'foo' to a value of 'foosecret' "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"and a secret named 'bar' to a value of 'barsecret' using a different Content "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Type. <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"\"programlisting\" id=\"1\"/>"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Creating a container"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Containers provide an additional namespace for this user's secrets. To "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"create a container, send a HTTP POST request, whose URI ends with the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"container name. Please note the URI must end with a trailing slash."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"curl -H \"Content-Type: application/json\" \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" --unix-socket /var/run/secrets.socket \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" -XPOST http://localhost/secrets/mycontainer/\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The following example creates a container named 'mycontainer': <placeholder "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"type=\"programlisting\" id=\"0\"/>"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"http://localhost/secrets/mycontainer/mysecret\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"To manipulate secrets under this container, just nest the secrets underneath "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Deleting a secret or a container"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"To delete a secret or a container, send a HTTP DELETE request with a path to "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"the secret or the container."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"curl -H \"Content-Type: application/json\" \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" --unix-socket /var/run/secrets.socket \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The following example deletes a secret named 'foo'. <placeholder type="
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"\"programlisting\" id=\"0\"/>"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"For testing the proxy provider, you need to set up a Custodia server to "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"proxy requests to. Please always consult the Custodia documentation, the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"configuration directives might change with different Custodia versions."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"server_version = \"Secret/0.0.7\"\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"debug = True\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"[store:simple]\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"table = secrets\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"[auth:header]\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"handler = custodia.httpd.authenticators.SimpleHeaderAuth\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"header = MYSECRETNAME\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"value = mysecretkey\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"[authz:paths]\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"handler = custodia.httpd.authorizers.SimplePathAuthz\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"paths = /secrets\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"store = simple\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"This configuration will set up a Custodia server listening on http://"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"localhost:8080, allowing anyone with header named MYSECRETNAME set to "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"mysecretkey to communicate with the Custodia server. Place the contents "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"into a file (for example, <replaceable>custodia.conf</replaceable>): "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Then run the <replaceable>custodia</replaceable> command, pointing it at the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"config file as a command line argument."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Please note that currently it's not possible to proxy all requests globally "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"to a Custodia instance. Instead, per-user subsections for user IDs that "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"should proxy requests to Custodia must be defined. The following example "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"illustrates a configuration, where the user with UID 123 would proxy their "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"requests to Custodia, but all other user's requests would be handled by a "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"local provider."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"[secrets]\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"provider = proxy\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"auth_type = header\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"auth_header_name = MYSECRETNAME\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"auth_header_value = mysecretkey\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "sssd-session-recording"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "Configuring sudo with the SSSD back end"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Configuring session recording with SSSD"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "SSSD を用いたセッション記録の設定法"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "This manual page describes the configuration of the simple access-control "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "manvolnum> </citerefentry> manual page."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This manual page describes how to configure <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"implement user session recording on text terminals. For a detailed "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> manual page."
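9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"このマニュアルページは、<citerefentry> <refentrytitle>sssd</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<manvolnum>8</manvolnum> </citerefentry> を、tlog パッケージの一部である "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<manvolnum>8</manvolnum> </citerefentry> と連携させて、テキスト端末上のユー"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"ザーセッションの記録を実現するための設定方法を説明しています。設定の詳細な構文"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ファイル形"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"式</quote> セクションを参照してください。"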
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"SSSD can be set up to enable recording of everything specific users see or "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"type during their sessions on text terminals. E.g. when users log in on the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"tlog-rec-session is started upon user login, so it can record according to "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"its configuration."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"For users with session recording enabled, SSSD replaces the user shell with "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"tlog-rec-session in NSS responses, and adds a variable specifying the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"original shell to the user environment, upon PAM session setup. This way "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"tlog-rec-session can be started in place of the user shell, and know which "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"actual shell to start, once it set up the recording."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "These options can be used to configure the SSH service."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "These options can be used to configure the session recording."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "これらのオプションはセッション記録を設定するために使用されます。"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The following snippet of sssd.conf enables session recording for users "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"\"contractor1\" and \"contractor2\", and group \"students\"."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"[session_recording]\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"scope = some\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"users = contractor1, contractor2\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"groups = students\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "sssd-kcm"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "SSSD Kerberos Cache Manager"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This manual page describes the configuration of the SSSD Kerberos Cache "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"credential caches. It originates in the Heimdal Kerberos project, although "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the MIT Kerberos library also provides client side (more details on that "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"below) support for the KCM credential cache."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"In a setup where Kerberos caches are managed by KCM, the Kerberos library "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"(typically used through an application, like e.g., <citerefentry> "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"being referred to as a <quote>\"KCM server\"</quote>. The client and server "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"communicate over a UNIX socket."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The KCM server keeps track of each credential caches's owner and performs "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"access check control based on the UID and GID of the KCM client. The root "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"user has access to all credential caches."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "The KCM credential cache has several interesting properties:"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"since the process runs in userspace, it is subject to UID namespacing, "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"unlike the kernel keyring"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"unlike the kernel keyring-based cache, which is shared between all "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"containers, the KCM server is a separate process whose entry point is a UNIX "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the SSSD implementation stores the ccaches in the SSSD <citerefentry> "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"citerefentry> secrets store, allowing the ccaches to survive KCM server "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"restarts or machine reboots."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This allows the system to use a collection-aware credential cache, yet share "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the credential cache between some or no containers by bind-mounting the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "USING THE KCM CREDENTIAL CACHE"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"[libdefaults]\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek" default_ccache_name = KCM:\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"In order to use KCM credential cache, it must be selected as the default "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"credential type in <citerefentry> <refentrytitle>krb5.conf</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"cache name must be only <quote>KCM:</quote> without any template "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Next, make sure the Kerberos client libraries and the KCM server must agree "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"on the UNIX socket path. By default, both use the same path <replaceable>/"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"library, change its <quote>kcm_socket</quote> option which is described in "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"manvolnum> </citerefentry> manual page."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"systemctl start sssd-kcm.socket\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"systemctl enable sssd-kcm.socket\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Finally, make sure the SSSD KCM server can be contacted. The KCM service is "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"typically socket-activated by <citerefentry> <refentrytitle>systemd</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"services, it cannot be started by adding the <quote>kcm</quote> string to "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the <quote>service</quote> directive. <placeholder type=\"programlisting\" "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"id=\"0\"/> Please note your distribution may already configure the units for "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "THE CREDENTIAL CACHE STORAGE"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"systemctl start sssd-secrets.socket\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"systemctl enable sssd-secrets.socket\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The credential caches are stored in the SSSD secrets service (see "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"manvolnum> </citerefentry> for more details). Therefore it is important that "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the sssd-secrets service is also enabled and its socket is started: "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/> Your distribution should "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"already set the dependencies between the services."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The KCM service is configured in the <quote>kcm</quote> section of the sssd."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"conf file. Please note that currently, it is not sufficient to restart the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"sssd-kcm service, because the sssd configuration is only parsed and read to "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"an internal configuration database by the sssd service. Therefore you must "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"restart the sssd service if you change anything in the <quote>kcm</quote> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"section of sssd.conf. For a detailed syntax reference, refer to the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<quote>FILE FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The generic SSSD service options such as <quote>debug_level</quote> or "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"manvolnum> </citerefentry> manual page for a complete list. In addition, "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"there are some KCM-specific options as well."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "socket_path (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "The socket the KCM service will listen on."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "sssd-simple"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "sssd-systemtap"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "sssd-systemtap"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "SSSD systemtap information"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "This manual page only describes attribute name mapping. For detailed "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "explanation of sudo related attribute semantics, see <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "citerefentry>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This manual page provides information about the systemtap functionality in "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"</citerefentry>."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<manvolnum>8</manvolnum> </citerefentry> の systemtap 機能に関する情報を提供"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"します。"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"SystemTap Probe points have been added into various locations in SSSD code "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"to assist in troubleshooting and analyzing performance related issues."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"respectively."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "PROBE POINTS"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The information below lists the probe points and arguments available in the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"following format:"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "realm name"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe $name"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "probe $name"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Description of probe point"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"variable1:datatype\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"variable2:datatype\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"variable3:datatype\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Database Transaction Probes"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sssd_transaction_start"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"nesting:integer\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"probestr:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sssd_transaction_cancel"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sssd_transaction_commit_before"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sysdb_transaction_commit_before() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sssd_transaction_commit_after"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sysdb_transaction_commit_after() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "LDAP Search Probes"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_search_send"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_get_generic_ext_send() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"base:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"scope:integer\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"filter:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"probestr:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_search_recv"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_get_generic_ext_recv() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_deref_send"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_deref_search_send() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"base_dn:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"deref_attr:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"probestr:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_deref_recv"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_deref_search_recv() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "LDAP Account Request Probes"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_acct_req_send"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_acct_req_send() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"entry_type:int\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"filter_type:int\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"filter_value:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"extra_value:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_acct_req_recv"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_acct_req_recv() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "LDAP User Search Probes"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_search_user_send"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_search_user_send() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#, fuzzy, no-wrap
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "fallback_homedir = /home/%u\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"filter:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"filter:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_search_user_recv"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_search_user_recv() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_search_user_save_begin"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_search_user_save_begin() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_search_user_save_end"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_search_user_save_end() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Data Provider Request Probes"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe dp_req_send"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "A Data Provider request is submitted."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_req_domain:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_req_name:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_req_target:int\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_req_method:int\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe dp_req_done"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "A Data Provider request is completed."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_req_name:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_req_target:int\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_req_method:int\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_ret:int\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_errorstr:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "MISCELLANEOUS FUNCTIONS"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "function acct_req_desc(entry_type)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Convert entry_type to string and return string"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"filter_value, extra_value)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Create probe string based on filter type"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "function dp_target_str(target)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Convert target to string and return string"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "function dp_method_str(target)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Convert method to string and return string"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "SERVICE DISCOVERY"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozekmsgstr "サービス探索"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The service discovery feature allows back ends to automatically find the "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"appropriate servers to connect to using a special DNS query. This feature is "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"not supported for backup servers."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><title>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Configuration"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If no servers are specified, the back end automatically uses service "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"discovery to try to find a server. Optionally, the user may choose to use "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"both fixed server addresses and service discovery by inserting a special "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"preference is maintained. This feature is useful if, for example, the user "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"prefers to use service discovery whenever possible, and fall back to a "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"specific server when no servers can be discovered using DNS."
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"何もサーバーが指定されていなければ、バックエンドがサーバーを見つけようとする"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"ために、サービス探索を自動的に使用します。オプションとして、サーバーの一覧に"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"特別なキーワード <quote>_srv_</quote> を挿入することにより、ユーザーが固定"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"サーバーアドレスおよびサービス探索のどちらも使用することを選択できます。これ"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"は設定の順番が維持されます。たとえば、ユーザーができる限りサービス探索を使用"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"し、DNS を使用してサーバーを探索できないときに特定のサーバーにフォールバック"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek"したい場合、この機能は有用です。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The domain name"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"manvolnum> </citerefentry> manual page for more details."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"manvolnum> </citerefentry> マニュアルページにある "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<quote>dns_discovery_domain</quote> パラメーターを参照してください。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The protocol"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The queries usually specify _tcp as the protocol. Exceptions are documented "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"in the respective option descriptions."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"問い合わせは通常プロトコルとして _tcp を指定します。その他はそれぞれのオプ"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"ションの説明にドキュメント化されています。"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "See Also"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"For more information on the service discovery mechanism, refer to RFC 2782."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "サービス探索メカニズムに関する詳細は RFC 2782 を参照してください。"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <refentryinfo>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"<productname>SSSD</productname> <orgname>The SSSD upstream - https://pagure."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: outside any tag (error?)
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "FAILOVER"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "フェイルオーバー"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The failover feature allows back ends to automatically switch to a different "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"server if the current server fails."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Failover Syntax"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "フェイルオーバーの構文"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The list of servers is given as a comma-separated list; any number of spaces "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"is allowed around the comma. The servers are listed in order of preference. "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The list can contain any number of servers."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"サーバーの一覧がカンマ区切り一覧として与えられます。カンマの前後で空白はいく"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"つでも許されます。サーバーは優先度の順番で一覧化されます。一覧はサーバーをいく"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek#. type: Content of: <refsect1><refsect2><para>
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"For each failover-enabled config option, two variants exist: "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"that servers in the primary list are preferred and backup servers are only "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"searched if no primary servers can be reached. If a backup server is "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"selected, a timeout of 31 seconds is set. After this timeout SSSD will "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"periodically try to reconnect to one of the primary servers. If it succeeds, "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"it will replace the current active (backup) server."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><title>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "The Failover Mechanism"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "フェイルオーバーのメカニズム"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"The failover mechanism distinguishes between a machine and a service. The "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"back end first tries to resolve the hostname of a given machine; if this "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"resolution attempt fails, the machine is considered offline. No further "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"attempts are made to connect to this machine for any other service. If the "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"resolution attempt succeeds, the back end tries to connect to a service on "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"this machine. If the service connection attempt fails, then only this "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"particular service is considered offline and the back end automatically "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"switches over to the next service. The machine is still considered online "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"and might still be tried for another service."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"Further connection attempts are made to machines or services marked as "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"offline after a specified period of time; this is currently hard coded to 30 "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <refsect1><refsect2><para>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"If there are no more machines to try, the back end as a whole switches to "
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher"offline mode, and then attempts to reconnect every 30 seconds."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <refsect1><refsect2><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Failover time outs and tuning"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <refsect1><refsect2><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Resolving a server to connect to can be as simple as running a single DNS "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"query or can involve several steps, such as finding the correct site or "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"trying out multiple host names in case some of the configured servers are "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"not reachable. The more complex scenarios can take some time and SSSD needs "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"to balance between providing enough time to finish the resolution process "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"but on the other hand, not trying for too long before falling back to "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"offline mode. If the SSSD debug logs show that the server resolution is "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"timing out before a live server is contacted, you can consider changing the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "dns_resolver_timeout (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "dns_resolver_op_timeout"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "dns_resolver_timeout (整数)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "How long would SSSD talk to a single DNS server."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "dns_resolver_timeout (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "dns_resolver_timeout"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "dns_resolver_timeout (整数)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"How long would SSSD try to resolve a failover service. This service "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"resolution internally might include several steps, such as resolving DNS SRV "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"queries or locating the site."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <refsect1><refsect2><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "All of the common configuration options that apply to SSSD domains also "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<placeholder type=\"variablelist\" id=\"0\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This section lists the available tunables. Please refer to their description "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"SSSD ドメインに適用するすべての全体設定オプションを LDAP ドメインに適用しま"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"す。完全な詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ドメインセ"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"クション</quote> を参照してください。 <placeholder type=\"variablelist\" id="
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <refsect1><refsect2><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"For LDAP-based providers, the resolve operation is performed as part of an "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"quote> timeout should be set to a larger value than "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"value than <quote>dns_resolver_op_timeout</quote>."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ID MAPPING"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozekmsgstr "ID マッピング"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The ID-mapping feature allows SSSD to act as a client of Active Directory "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"without requiring administrators to extend user attributes to support POSIX "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"attributes for user and group identifiers."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ignored. This is to avoid the possibility of conflicts between automatically-"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"assigned and manually-assigned values. If you need to use manually-assigned "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"values, ALL values must be manually-assigned."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Please note that changing the ID mapping related configuration options will "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"cause user and group IDs to change. At the moment, SSSD does not support "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"changing IDs, so the SSSD database must be removed. Because cached passwords "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"are also stored in the database, removing the database should only be "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"performed while the authentication servers are reachable, otherwise users "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"might get locked out. In order to cache the password, an authentication must "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"be performed. It is not sufficient to use <citerefentry> "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"citerefentry> to remove the database, rather the process consists of:"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Making sure the remote servers are reachable"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Stopping the SSSD service"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Removing the database"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Starting the SSSD service"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Moreover, as the change of IDs might necessitate the adjustment of other "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"system properties such as file and directory ownership, it's advisable to "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"plan ahead and test the ID mapping configuration thoroughly."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Mapping Algorithm"
bf9abef629707167d39fcc92ec9c18a6244b27b8Jakub Hrozekmsgstr "マッピング・アルゴリズム"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Active Directory provides an objectSID for every user and group object in "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"the directory. This objectSID can be broken up into components that "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"represent the Active Directory domain identity and the relative identifier "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"(RID) of the user or group object."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"into equally-sized component sections, called \"slices\". Each slice "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"represents the space available to an Active Directory domain."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"When a user or group entry for a particular domain is encountered for the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"first time, the SSSD allocates one of the available slices for that domain. "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"In order to make this slice-assignment repeatable on different client "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"machines, we select the slice based on the following algorithm:"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The SID string is passed through the murmurhash3 algorithm to convert it to "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"a 32-bit hashed value. We then take the modulus of this value with the total "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"number of available slices to pick the slice."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"NOTE: It is possible to encounter collisions in the hash and subsequent "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"modulus. In these situations, we will select the next available slice, but "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"it may not be possible to reproduce the same exact set of slices on other "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"machines (since the order that they are encountered will determine their "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"slice). In this situation, it is recommended to either switch to using "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"configure a default domain to guarantee that at least one is always "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"consistent. See <quote>Configuration</quote> for details."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
bf9abef629707167d39fcc92ec9c18a6244b27b8Jakub Hrozekmsgstr "最小の設定 (<quote>[domain/DOMAINNAME]</quote> セクションにおいて):"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para><programlisting>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ldap_id_mapping = True\n"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"ldap_schema = ad\n"
bf9abef629707167d39fcc92ec9c18a6244b27b8Jakub Hrozek"ldap_id_mapping = True\n"
bf9abef629707167d39fcc92ec9c18a6244b27b8Jakub Hrozek"ldap_schema = ad\n"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The default configuration results in configuring 10,000 slices, each capable "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"of holding up to 200,000 IDs, starting from 200,000 and going up to "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"2,000,200,000. This should be sufficient for most deployments."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Advanced Configuration"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_range_min (integer)"
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallaghermsgstr "ldap_idmap_range_min (整数)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specifies the lower bound of the range of POSIX IDs to use for mapping "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Active Directory user and group SIDs."
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallagher"Active Directory ユーザーとグループの SID をマッピングするために使用する "
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallagher"POSIX ID の範囲の下限を指定します。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"NOTE: This option is different from <quote>min_id</quote> in that "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"<quote>min_id</quote> acts to filter the output of requests to this domain, "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"whereas this option controls the range of ID assignment. This is a subtle "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"distinction, but the good general advice would be to have <quote>min_id</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgid "Default: 200000"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "初期値: 200000"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_range_max (integer)"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgstr "ldap_idmap_range_max (整数)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specifies the upper bound of the range of POSIX IDs to use for mapping "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Active Directory user and group SIDs."
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"Active Directory ユーザーとグループ SID をマッピングするために使用する POSIX "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"ID の範囲の上限を指定します。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"NOTE: This option is different from <quote>max_id</quote> in that "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"<quote>max_id</quote> acts to filter the output of requests to this domain, "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"whereas this option controls the range of ID assignment. This is a subtle "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"distinction, but the good general advice would be to have <quote>max_id</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "Default: 2000200000"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "初期値: 2000200000"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_range_size (integer)"
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallaghermsgstr "ldap_idmap_range_size (整数)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specifies the number of IDs available for each slice. If the range size "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"does not divide evenly into the min and max values, it will create as many "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"complete slices as it can."
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallagher"各スライスに利用可能な ID 番号を指定します。範囲の大きさが最小値、最大値の中"
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallagher"にうまく分けられなければ、できる限り多くの完全なスライスとして作成されます。"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"NOTE: The value of this option must be at least as large as the highest user "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"RID planned for use on the Active Directory server. User lookups and login "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"will fail for any user whose RID is greater than this value."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"For example, if your most recently-added Active Directory user has "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"equal to maximal RID minus minimal RID plus one (e.g. 1108 = 1107 - 0 + 1)."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"It is important to plan ahead for future expansion, as changing this value "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"will result in changing all of the ID mappings on the system, leading to "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"users with different local IDs than they previously had."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_default_domain_sid (string)"
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallaghermsgstr "ldap_idmap_default_domain_sid (文字列)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Specify the domain SID of the default domain. This will guarantee that this "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"domain will always be assigned to slice zero in the ID map, bypassing the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"murmurhash algorithm described above."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_default_domain (string)"
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallaghermsgstr "ldap_idmap_default_domain (文字列)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "Specify the name of the default domain."
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallaghermsgstr "初期ドメインの名前を指定します。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "ldap_idmap_autorid_compat (boolean)"
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallaghermsgstr "ldap_idmap_autorid_compat (論理値)"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"winbind's <quote>idmap_autorid</quote> algorithm."
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallagher"winbind の <quote>idmap_autorid</quote> アルゴリズムとより同じように振る舞う"
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallagher"ために ID マッピングのアルゴリズムの振る舞いを変更します。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"When this option is configured, domains will be allocated starting with "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"slice zero and increasing monotonically with each additional domain."
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallagher"このオプションが設定されるとき、ドメインはスライス 0 から始まり、各追加ドメイ"
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallagher"ンに単調に増加するよう割り当てられます。"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"NOTE: This algorithm is non-deterministic (it depends on the order that "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"users and groups are requested). If this mode is required for compatibility "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"with machines running winbind, it is recommended to also use the "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"least one domain is consistently allocated to slice zero."
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallagher"注記: このアルゴリズムは非決定的です (ユーザーとグループが要求された順番に依"
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallagher"存します)。このモードはマシンが実行中の winbind と互換性が必要ならば、少なく"
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallagher"とも一つのドメインが一貫してスライス 0 に割り当てられることを保証するために、"
486237ee009f1d84fc4c85665dce80ade76f7079Stephen Gallagher"<quote>ldap_idmap_default_domain_sid</quote> オプションも使用することが推奨さ"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ldap_idmap_helper_table_size (integer)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Maximal number of secondary slices that is tried when performing mapping "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"from UNIX id to SID."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Note: Additional secondary slices might be generated when SID is being "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"mapped to UNIX id and RID part of SID is out of range for secondary slices "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"then no additional secondary slices are generated."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><title>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Well-Known SIDs"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"SSSD supports looking up the names of Well-Known SIDs, i.e. SIDs with a "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"special hardcoded meaning. Since the generic users and groups related to "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"POSIX IDs are available for those objects."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The SID name space is organized in authorities which can be seen as "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"different domains. The authorities for the Well-Known SIDs are"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Null Authority"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "World Authority"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Local Authority"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Creator Authority"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "NT Authority"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Built-in"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The capitalized versions of these names are used as domain names when "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"returning the fully qualified name of a Well-Known SID."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Since some utilities allow modifying SID-based access control information "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"with the help of a name instead of using the SID directly, SSSD supports "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"looking up the SID by the name as well. To avoid collisions, only the fully "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"qualified names can be used to look up Well-Known SIDs. As a result the "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"names in <filename>sssd.conf</filename>."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <varlistentry><term>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "<option>-?</option>,<option>--help</option>"
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozekmsgstr "<option>-?</option>,<option>--help</option>"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher#. type: Content of: <varlistentry><listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#: include/param_help.xml:7 include/param_help_py.xml:7
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghermsgid "Display help message and exit."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "ヘルプメッセージを表示して終了します。"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <varlistentry><term>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgid "<option>-h</option>,<option>--help</option>"
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozekmsgstr "<option>-h</option>,<option>--help</option>"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"SSSD supports two representations for specifying the debug level. The "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"simplest is to specify a decimal value from 0-9, which represents enabling "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"that level and all lower-level debug messages. The more comprehensive option "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"is to specify a hexadecimal bitmask to enable or disable specific levels "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"(such as if you wish to suppress a level)."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Please note that each SSSD service logs into its own log file. Also please "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"section enables debugging only for the sssd process itself, not for the "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"responder or provider processes. The <quote>debug_level</quote> parameter "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"should be added to all sections that you wish to produce debug logs from."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"In addition to changing the log level in the config file using the "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<quote>debug_level</quote> parameter, which is persistent but requires an SSSD "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"restart, it is also possible to change the debug level on the fly using the "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"manvolnum> </citerefentry> tool."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgid "Currently supported debug levels:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallaghermsgstr "現在サポートされるデバッグレベル:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Anything that would prevent SSSD from starting up or causes it to cease "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"error that doesn't kill SSSD, but one that indicates that at least one major "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"feature is not going to work properly."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"error announcing that a particular request or operation has failed."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"are the errors that would percolate down to cause the operation failure of 2."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"operation functions."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"internal control functions."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"internal variables that may be interesting."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"tracing information."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:81 include/debug_levels_tools.xml:62
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"To log required bitmask debug levels, simply add their numbers together as "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"shown in the following examples:"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:85 include/debug_levels_tools.xml:66
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"serious failures and function data use 0x0270."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>例</emphasis>: 致命的なエラー、重大なエラー、深刻なエラーおよび関数"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"データをログに取得するには 0x0270 を使用します。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:89 include/debug_levels_tools.xml:70
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"function data, trace messages for internal control functions use 0x1310."
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"<emphasis>例</emphasis>: 致命的なエラー、設定値の設定、関数データ、内部制御関"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher"数のトレースメッセージをログに取得するには 0x1310 を使用します。"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:94 include/debug_levels_tools.xml:75
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:98 include/debug_levels_tools.xml:79
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "<emphasis>Default</emphasis>: 0"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher#. type: Content of: outside any tag (error?)
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"<emphasis> This is an experimental feature, please use https://pagure.io/"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"SSSD/sssd/ to report any issues. </emphasis>"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><title>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgid "THE LOCAL DOMAIN"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallaghermsgstr "ローカルドメイン"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"In order to function correctly, a domain with <quote>id_provider=local</"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"quote> must be created and the SSSD must be running."
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher#. type: Content of: <refsect1><para>
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"The administrator might want to use the SSSD local users instead of "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"traditional UNIX users in cases where the group nesting (see <citerefentry> "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"citerefentry>) is needed. The local users are also useful for testing and "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"development of the SSSD without having to deploy a full remote server. The "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher"local LDB storage to store users and groups."
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek#. type: Content of: <refsect1><para>
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
64a424ec1b268427822c646f7781e26e56c197f6Jakub Hrozek"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
6463ed1dcdd45416468b3fa178bd856b5a9ed2c3Jakub Hrozek"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry> </phrase>"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#. type: Content of: <listitem><para>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"for this attribute type."
bf9abef629707167d39fcc92ec9c18a6244b27b8Jakub Hrozek"オプションのベース DN。この属性の種別に対する LDAP 検索を制限する、検索範囲お"
bf9abef629707167d39fcc92ec9c18a6244b27b8Jakub Hrozek"よび LDAP フィルター。"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#. type: Content of: <listitem><para><programlisting>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
bf9abef629707167d39fcc92ec9c18a6244b27b8Jakub Hrozekmsgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#. type: Content of: <listitem><para>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozekmsgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
bf9abef629707167d39fcc92ec9c18a6244b27b8Jakub Hrozekmsgstr "構文: <placeholder type=\"programlisting\" id=\"0\"/>"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#. type: Content of: <listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek#. type: Content of: <listitem><para>
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"For examples of this syntax, please refer to the <quote>ldap_search_base</"
7a14e8f66c0e932fe2954d792614a3b61d444bd1Jakub Hrozek"quote> examples section."
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <listitem><para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"Please note that specifying scope or filter is not supported for searches "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"against an Active Directory Server that might yield a large number of "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"results and trigger the Range Retrieval extension in the response."
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek#. type: Content of: <para>
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"Please note that the automounter only reads the master map on startup, so if "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"any autofs-related changes are made to the sssd.conf, you typically also "
524ceecc11f3d458eb3c1cf1489c3ff6ccb22226Jakub Hrozek"need to restart the automounter daemon after restarting the SSSD."
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><term>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "override_homedir (string)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgstr "override_homedir (文字列)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "UID number"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgstr "UID 番号"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "domain name"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgstr "ドメイン名"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "fully qualified user name (user@domain)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgstr "完全修飾ユーザー名 (user@domain)"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "The first letter of the login name."
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "UPN - User Principal Name (name@REALM)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "The original home directory retrieved from the identity provider."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "The value of the configuration option <emphasis>homedir_substring</emphasis>."
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"Override the user's home directory. You can either provide an absolute value "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"or a template. In the template, the following sequences are substituted: "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"<placeholder type=\"variablelist\" id=\"0\"/>"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"ユーザーのホームディレクトリーを上書きします。絶対パスまたはテンプレートを提"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"供できます。テンプレートでは、以下のシーケンスが置換されます: <placeholder "
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"type=\"variablelist\" id=\"0\"/>"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><listitem><para><programlisting>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek"override_homedir = /home/%u\n"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"override_homedir = /home/%u\n"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozek#. type: Content of: <varlistentry><listitem><para>
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
2cb6f28b3a12bb714bf14494d31eb6b6fff64b8bJakub Hrozekmsgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <varlistentry><term>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "homedir_substring (string)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"The value of this option will be used in the expansion of the "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<emphasis>override_homedir</emphasis> option if the template contains the "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"contain this template so that this option can be used to expand the home "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"directory path for each client machine (or operating system). It can be set "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"per-domain or globally in the [nss] section. A value specified in a domain "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"section will override one set in the [nss] section."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "Default: /home"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><title>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "MODIFIED DEFAULT OPTIONS"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Certain option defaults do not match their respective backend provider "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"defaults, these option names and AD provider-specific defaults are listed "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><title>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "KRB5 Provider"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "krb5_validate = true"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "krb5_use_enterprise_principal = true"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><title>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "LDAP Provider"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_schema = ad"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_force_upper_case_realm = true"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_id_mapping = true"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_sasl_mech = gssapi"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_referrals = false"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_account_expire_policy = ad"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_use_tokengroups = true"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Certain option defaults do not match their respective backend provider "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"defaults, these option names and IPA provider-specific defaults are listed "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "krb5_use_fast = try"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "krb5_canonicalize = true"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><title>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "LDAP Provider - General"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_schema = ipa_v1"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_sasl_mech = GSSAPI"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_sasl_minssf = 56"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_account_expire_policy = ipa"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><title>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "LDAP Provider - User options"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_user_member_of = memberOf"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_user_uuid = ipaUniqueID"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_user_ssh_public_key = ipaSshPubKey"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_user_auth_type = ipaUserAuthType"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><title>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "LDAP Provider - Group options"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_group_object_class = ipaUserGroup"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_group_object_class_alt = posixGroup"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_group_member = member"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_group_uuid = ipaUniqueID"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_group_external_member = ipaExternalMember"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#~ "Determines if a domain can be enumerated. This parameter can have one of "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#~ "the following values:"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#~ "ドメインが列挙できるかを決定します。このパラメーターは以下の値のどれかであ"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#~ "る必要があります:"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#~ "<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#~ "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#~ "running."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#~ "<command>sss_debuglevel</command> は SSSD が実行中に SSSD モニターとプロバ"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#~ "イダーのデバッグレベルを <replaceable>NEW_DEBUG_LEVEL</replaceable> に変更"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#~ msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#~ msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>"