# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR Red Hat
# This file is distributed under the same license as the sssd-docs package.
#
# Translators:
# Wijnand Modderman-Lenstra <accounts-transifex@maze.io>, 2011
msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.15.3\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
"POT-Creation-Date: 2018-03-09 12:30+0100\n"
"PO-Revision-Date: 2014-12-15 12:02-0500\n"
"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
"Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/"
"nl/)\n"
"Language: nl\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"X-Generator: Zanata 3.9.6\n"
#. type: Content of: <reference><title>
msgid "SSSD Manual pages"
msgstr "SSSD handleiding"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
msgid "sss_groupmod"
msgstr "sss_groupmod"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
msgid "8"
msgstr "8"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupmod.8.xml:16
msgid "modify a group"
msgstr "muteer een groep"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupmod.8.xml:21
msgid ""
"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
"arg>"
msgstr ""
"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>opties</"
"replaceable> </arg> <arg choice='plain'><replaceable>GROEP</replaceable></"
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
msgid "DESCRIPTION"
msgstr "OMSCHRIJVING"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupmod.8.xml:32
msgid ""
"<command>sss_groupmod</command> modifies the group to reflect the changes "
"that are specified on the command line."
msgstr ""
"<command>sss_groupmod</command> muteert de groep en maakt de aanpassingen "
"die via de opdrachtregel ingegeven zijn."
#. type: Content of: <reference><refentry><refsect1><title>
msgid "OPTIONS"
msgstr "OPTIES"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
msgid ""
"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
"replaceable>"
msgstr ""
"<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</"
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupmod.8.xml:48
msgid ""
"Append this group to groups specified by the <replaceable>GROUPS</"
"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
"a comma separated list of group names."
msgstr ""
"Voeg deze groep toe aan de groepen opgegeven met de <replaceable>GROEPEN</"
"replaceable> parameter. De <replaceable>GROEPEN</replaceable> parameter is "
"een kommagescheiden lijst van groepnamen."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
msgid ""
"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
"replaceable>"
msgstr ""
"<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</"
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupmod.8.xml:62
msgid ""
"Remove this group from groups specified by the <replaceable>GROUPS</"
"replaceable> parameter."
msgstr ""
"Verwijder deze groep uit de groepen opgegeven in de <replaceable>GROEPEN</"
"replaceable> parameter."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
msgid "sssd.conf"
msgstr "sssd.conf"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd-systemtap.5.xml:11
msgid "5"
msgstr "5"
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
msgid "File Formats and Conventions"
msgstr "Bestandsformaten en conventies"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr "het configuratiebestand voor SSSD"
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:21
msgid "FILE FORMAT"
msgstr "BESTANDSFORMAAT"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd.conf.5.xml:29
#, no-wrap
msgid ""
"<replaceable>[section]</replaceable>\n"
"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:24
msgid ""
"The file has an ini-style syntax and consists of sections and parameters. A "
"section begins with the name of the section in square brackets and continues "
"until the next section begins. An example of section with single and multi-"
"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
"Het bestand heeft een ini-stijl syntaxis en bestaat uit secties en "
"parameters. Een sectie begint met de naam van de sectie in rechte haken en "
"gaat verder totdat de volgende sectie begint. Een voorbeeld van een sectie "
"met een enkele en een meervoudige parameter: <placeholder type="
"\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:36
msgid ""
"The data types used are string (no quotes needed), integer and bool (with "
"values of <quote>TRUE/FALSE</quote>)."
msgstr ""
"De datatypes gebruikt zijn tekst (geen quotes vereisd), numeriek en "
"booleaans (met de waardes <quote>TRUE/FALSE</quote>)."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:41
msgid ""
"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
"(<quote>;</quote>). Inline comments are not supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:47
msgid ""
"All sections can have an optional <replaceable>description</replaceable> "
"parameter. Its function is only as a label for the section."
msgstr ""
"Alle secties kunnen een optionele <replaceable>description</replaceable> "
"parameter bevatten. Dit fungeert slechts als label voor de sectie."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:53
msgid ""
"<filename>sssd.conf</filename> must be a regular file, owned by root and "
"only root may read from or write to the file."
msgstr ""
"<filename>sssd.conf</filename> moet een standaardbestand zijn, de eigenaar "
"moet root zijn en alleen root mag hem lezen en schrijven."
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:62
msgid ""
"The configuration file <filename>sssd.conf</filename> will include "
"configuration snippets using the include directory <filename>conf.d</"
"filename>. This feature is available if SSSD was compiled with libini "
"version 1.3.0 or later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:69
msgid ""
"Any file placed in <filename>conf.d</filename> that ends in "
"<quote><filename>.conf</filename></quote> and does not begin with a dot "
"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> "
"to configure SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:77
msgid ""
"The configuration snippets from <filename>conf.d</filename> have higher "
"priority than <filename>sssd.conf</filename> and will override "
"<filename>sssd.conf</filename> when conflicts occur. If several snippets are "
"present in <filename>conf.d</filename>, then they are included in "
"alphabetical order (based on locale). Files included later have higher "
"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, "
"<filename>02_snippet.conf</filename> etc.) can help visualize the priority "
"(higher number means higher priority)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:91
msgid ""
"The snippet files require the same owner and permissions as <filename>sssd."
"conf</filename>. Which are by default root:root and 0600."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:98
msgid "GENERAL OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:100
msgid "Following options are usable in more than one configuration sections."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:104
msgid "Options usable in all sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:108
msgid "debug_level (integer)"
msgstr "debug_level (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:112
msgid "debug (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:115
msgid ""
"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
"are specified, the value of <replaceable>debug_level</replaceable> will be "
"used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:125
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:128
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Default: true"
msgstr "Standaard: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:138
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:141
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:155
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:159
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:162
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests. Note "
"that after three missed heartbeats the process will terminate itself."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:179
msgid "SPECIAL SECTIONS"
msgstr "SPECIALE SECTIES"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:182
msgid "The [sssd] section"
msgstr "De [sssd] sectie"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
#: sssd.conf.5.xml:191 sssd.conf.5.xml:3030
msgid "Section parameters"
msgstr "Sectie parameters"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:193
msgid "config_file_version (integer)"
msgstr "config_file_version (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:196
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
"Geeft aan welke syntaxis de configuratie gebruikt. SSSD 0.6.0 en hoger "
"gebruiken versie 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:202
msgid "services"
msgstr "diensten"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:205
msgid ""
"Comma separated list of services that are started when sssd itself starts. "
"<phrase condition=\"have_systemd\"> The services' list is optional on "
"platforms where systemd is supported, as they will either be socket or D-Bus "
"activated when needed. </phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:214
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:222
msgid ""
"<phrase condition=\"have_systemd\"> By default, all services are disabled "
"and the administrator must enable the ones allowed to be used by executing: "
"\"systemctl enable sssd-@service@.socket\". </phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
"Aantal keer dat de service moet proberen om opnieuw te verbinden indien een "
"Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
msgid "Default: 3"
msgstr "Standaard: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:244
msgid "domains"
msgstr "domeinen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:247
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter describes the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
"characters, dashes, dots and underscores."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:259 sssd.conf.5.xml:2539
msgid "re_expression (string)"
msgstr "re_expression (tekst)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:262
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:267
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN SECTIONS "
"for more info on these regular expressions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:276 sssd.conf.5.xml:2590
msgid "full_name_format (string)"
msgstr "full_name_format (tekst)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:279 sssd.conf.5.xml:2593
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
"fully qualified name from user name and domain name components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:290 sssd.conf.5.xml:2604
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:291 sssd.conf.5.xml:2605
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:294 sssd.conf.5.xml:2608
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:297 sssd.conf.5.xml:2611
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:303 sssd.conf.5.xml:2617
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:306 sssd.conf.5.xml:2620
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:287 sssd.conf.5.xml:2601
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:316
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:322
msgid "try_inotify (boolean)"
msgstr "try_inotify (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:325
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
"this, and will fall back to polling resolv.conf every five seconds if "
"inotify cannot be used."
msgstr ""
"SSSD houdt de stat van resolv.conf in de gaten om te zien wanneer de interne "
"DNS-resolver bijgewerkt moet worden. Standaard wordt er geprobeerd om "
"inotify te gebruiken en er wordt teruggevallen op iedere vijf seconden "
"kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:333
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
"to 'false'"
msgstr ""
"Er zijn een aantal situaties waarin het de voorkeur heeft dat we het gebruik "
"van inotify uitschakelen. In deze zeldzame gevallen kan de optie op 'false' "
"gezet worden"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:339
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
"Standaard: true op systemen waar inotify is ondersteund. False op andere "
"systemen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:343
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
"Merk op: deze optie heeft geen effect op systemen waar inotify niet "
"beschikbaar is. Op deze systemen wordt altijd periodiek gekeken naar resolv."
"conf."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:350
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:353
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
"Map in het bestandssysteem waarin SSSD Kerberos replay cache bestanden moet "
"opslaan."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:357
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:363
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:370
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:373
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user. <phrase condition=\"have_systemd\"> This option does not work "
"when running socket-activated services, as the user set up to run the "
"processes is set up during compilation time. The way to override the "
"systemd unit files is by creating the appropriate files in /etc/systemd/"
"system/. Keep in mind that any change in the socket user, group or "
"permissions may result in a non-usable SSSD. The same may occur in case of "
"changes of the user running the NSS responder. </phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:391
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:396
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:399
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
"domain is intended for managing host policies and all users are located in a "
"trusted domain. The option allows those users to log in just with their "
"user name without giving a domain name as well."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:409
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
"Setting this option changes default of use_fully_qualified_names to True. It "
"is not allowed to use this option together with use_fully_qualified_names "
"set to False."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
#: include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:423
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:426
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name "john doe" will be "
""john_doe" This feature was added to help compatibility with shell "
"scripts that have difficulty handling spaces, due to the default field "
"separator in the shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:435
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
"character SSSD tries to return the unmodified name but in general the result "
"of a lookup is undefined."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:443
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:448
msgid "certificate_verification (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:456
msgid "no_ocsp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:458
msgid ""
"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
"needed if the OCSP servers defined in the certificate are not reachable from "
"the client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:466
msgid "no_verification"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:468
msgid ""
"Disables verification completely. This option should only be used for "
"testing."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:474
msgid "ocsp_default_responder=URL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:476
msgid ""
"Sets the OCSP default responder which should be used instead of the one "
"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
"default responder e.g. http://example.com:80/ocsp."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:482
msgid ""
"This option must be used together with ocsp_default_responder_signing_cert."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:490
msgid "ocsp_default_responder_signing_cert=NAME"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:492
msgid ""
"The nickname of the cert to trust (expected) to sign the OCSP responses. "
"The certificate with the given nickname must be available in the systems NSS "
"database."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:497
msgid "This option must be used together with ocsp_default_responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:451
msgid ""
"With this parameter the certificate verification can be tuned with a comma "
"separated list of options. Supported options are: <placeholder type="
"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:504
msgid "Unknown options are reported but ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:507
msgid "Default: not set, i.e. do not restrict certificate verification"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:513
msgid "disable_netlink (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:516
msgid ""
"SSSD hooks into the netlink interface to monitor changes to routes, "
"addresses, links and trigger certain actions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:521
msgid ""
"The SSSD state changes caused by netlink events may be undesirable and can "
"be disabled by setting this option to 'true'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:526
msgid "Default: false (netlink changes are detected)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:531
msgid "enable_files_domain (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:534
msgid ""
"When this option is enabled, SSSD prepends an implicit domain with "
"<quote>id_provider=files</quote> before any explicitly configured domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:548
msgid "domain_resolution_order"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:551
msgid ""
"Comma separated list of domains and subdomains representing the lookup order "
"that will be followed. The list doesn't have to include all possible "
"domains as the missing domains will be looked up based on the order they're "
"presented in the <quote>domains</quote> configuration option. The "
"subdomains which are not listed as part of <quote>lookup_order</quote> will "
"be looked up in a random order for each parent domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:563
msgid ""
"Please, note that when this option is set the output format of all commands "
"is always fully-qualified even when using short names for input. In case "
"the administrator wants the output not fully-qualified, the full_name_format "
"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
"However, keep in mind that during login, login applications often "
"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
"shortname is returned for a qualified input (while trying to reach a user "
"which exists in multiple domains) might re-route the login attempt into the "
"domain which users shortnames, making this workaround totally not "
"recommended in cases where usernames may overlap between domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:184
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
"managed by a special service frequently called <quote>monitor</quote>. The "
"<quote>[sssd]</quote> section is used to configure the monitor as well as "
"some other important options like the identity domains. <placeholder type="
"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:598
msgid "SERVICES SECTIONS"
msgstr "SERVICES SECTIE"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:600
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
"section, for example, for NSS service, the section would be <quote>[nss]</"
"quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:607
msgid "General service configuration options"
msgstr "Algemene service configuratie-opties"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:609
msgid "These options can be used to configure any service."
msgstr "Deze opties kunnen gebruikt worden om services te configureren."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:626
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:629
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
"systems without this capability, the resulting value will be the lower value "
"of this or the limits.conf \"hard\" limit."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:638
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:643
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:646
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
"limited in order to avoid resource exhaustion on the system. The timeout "
"can't be shorter than 10 seconds. If a lower value is configured, it will be "
"adjusted to 10 seconds."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1229 sssd-ldap.5.xml:1412
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:660
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:663
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
"value is in seconds and calculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:670
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:673
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:678
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:681
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:692
msgid "responder_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:695
msgid ""
"This option specifies the number of seconds that an SSSD responder process "
"can be up without being used. This value is limited in order to avoid "
"resource exhaustion on the system. The minimum acceptable value for this "
"option is 60 seconds. Setting this option to 0 (zero) means that no timeout "
"will be set up to the responder. This option only has effect when SSSD is "
"built with systemd support and when services are either socket or D-Bus "
"activated."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:722
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:714
msgid "cache_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:717
msgid ""
"This option specifies whether the responder should query all caches before "
"querying the Data Providers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:729
msgid "NSS configuration options"
msgstr "NSS configuratie-opties"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:731
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
"Deze opties kunnen worden gebruikt om de Name Serice Switch (NSS) service te "
"configurere."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:736
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:739
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
"Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie "
"over alle gebruikers)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:743
msgid "Default: 120"
msgstr "Standaard: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:748
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:751
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
"for the domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:757
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
"after 15 seconds past the last cache update will be returned immediately, "
"but the SSSD will go and update the cache on its own, so that future "
"requests will not need to block waiting for a cache update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:767
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
"percentage will never reduce the nowait timeout to less than 10 seconds. (0 "
"disables this feature)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:775 sssd.conf.5.xml:1428
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:780
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:783
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:789 sssd.conf.5.xml:1452
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:794
msgid "local_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:797
msgid ""
"Specifies for how many seconds nss_sss should keep local users and groups in "
"negative cache before trying to look it up in the back end again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Default: 0"
msgstr "Standaard: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:807
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:810
msgid ""
"Exclude certain users or groups from being fetched from the sss NSS "
"database. This is particularly useful for system accounts. This option can "
"also be set per-domain or include fully-qualified names to filter only users "
"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:817
msgid ""
"NOTE: The filter_groups option doesn't affect inheritance of nested group "
"members, since filtering happens after they are propagated for returning via "
"NSS. E.g. a group having a member group filtered out will still have the "
"member users of the latter listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:825
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:830
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:833
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:844
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:847
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:852
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
#: sssd.conf.5.xml:858
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
" "
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
#: sssd-krb5.5.xml:539 include/override_homedir.xml:59
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:862
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:868
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:871
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
"or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:877
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:883
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:886
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:889
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:893
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:898
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:903
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:906
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
"allowed shells in allowed_shells would be to much overhead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:913
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:916
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:920
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:925
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:928
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:933
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:936
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:940
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:945
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:948
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:954
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:961 sssd.conf.5.xml:1222
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:964 sssd.conf.5.xml:1225
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:973
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:976
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid. Setting this option to zero will disable the in-memory cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:984
msgid ""
"WARNING: Disabling the in-memory cache will have significant negative impact "
"on SSSD's performance and should only be used for testing."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:990
msgid ""
"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
"client applications will not use the fast in-memory cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.conf.5.xml:998 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1001
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
"attributes is controlled by this option. It is handled the same way as the "
"<quote>user_attributes</quote> option of the InfoPipe responder (see "
"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> for details) but with no default values."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1014
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1019
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1024
msgid "pwfield (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1027
msgid ""
"The value that NSS operations that return users or groups will return for "
"the <quote>password</quote> field."
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
msgid "This option can also be set per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1035
msgid ""
"Default: <quote>*</quote> (remote domains) or <quote>x</quote> (the files "
"domain)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:1043
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:1045
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1050
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1053
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1058 sssd.conf.5.xml:1071
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1064
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1067
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1077
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1080
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1085
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1091 sssd.conf.5.xml:1189
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1097
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1100
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1105
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1108
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1111
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1115
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1118
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1122 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1128
msgid "pam_response_filter (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1131
msgid ""
"A comma separated list of strings which allows to remove (filter) data sent "
"by the PAM responder to pam_sss PAM module. There are different kind of "
"responses sent to pam_sss e.g. messages displayed to the user or environment "
"variables which should be set by pam_sss."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1139
msgid ""
"While messages already can be controlled with the help of the pam_verbosity "
"option this option allows to filter out other kind of responses as well."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1146
msgid "ENV"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1147
msgid "Do not send any environment variables to any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1150
msgid "ENV:var_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1151
msgid "Do not send environment variable var_name to any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1155
msgid "ENV:var_name:service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1156
msgid "Do not send environment variable var_name to service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1144
msgid ""
"Currently the following filters are supported: <placeholder type="
"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1166
msgid "Example: ENV:KRB5CCNAME:sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1172
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1175
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
"ensure that authentication takes place with the latest information."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1181
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
"client-application basis) how long (in seconds) we can cache the identity "
"information to avoid excessive round-trips to the identity provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1195
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1198 sssd.conf.5.xml:2028
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1201
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1207 sssd.conf.5.xml:2031
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1212
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1234
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1237
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to run PAM conversations against trusted domains. Users not "
"included in this list can only access domains marked as public with "
"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1247
msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1251
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1258
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1261
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1265
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1269
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1273
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1282
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1285
msgid ""
"Allows a custom expiration message to be set, replacing the default "
"'Permission denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1290
msgid ""
"Note: Please be aware that message is only printed for the SSH service "
"unless pam_verbosity is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
#: sssd.conf.5.xml:1298
#, no-wrap
msgid ""
"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1307
msgid "pam_account_locked_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1310
msgid ""
"Allows a custom lockout message to be set, replacing the default 'Permission "
"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
#: sssd.conf.5.xml:1317
#, no-wrap
msgid ""
"pam_account_locked_message = Account locked, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1326
msgid "pam_cert_auth (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1329
msgid ""
"Enable certificate based Smartcard authentication. Since this requires "
"additional communication with the Smartcard which will delay the "
"authentication process this option is disabled by default."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
msgid "Default: False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1340
msgid "pam_cert_db_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1343
msgid ""
"The path to the certificate database which contain the PKCS#11 modules to "
"access the Smartcard."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1347
msgid "Default: /etc/pki/nssdb (NSS version)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1352
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1355
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1364
msgid "pam_app_services (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1367
msgid ""
"Which PAM services are permitted to contact domains of type "
"<quote>application</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:1380
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:1382
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-"
"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1399
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1402
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1414
#, fuzzy
#| msgid "debug_level (integer)"
msgid "sudo_threshold (integer)"
msgstr "debug_level (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1417
msgid ""
"Maximum number of expired rules that can be refreshed at once. If number of "
"expired rules is below threshold, those rules are refreshed with "
"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
"<quote>full refresh</quote> of sudo rules is triggered instead. This "
"threshold number also applies to IPA sudo command and command group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:1436
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:1438
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1442
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1445
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:1461
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:1463
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1467
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1470
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1479
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1482
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1486
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1491
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1494
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1499
msgid "Default: /etc/pki/nssdb"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:1507
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:1509
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain "
"provider collects domain SID and ID ranges of the domain the client is "
"joined to and of remote trusted domains from the local domain controller. If "
"the PAC is decoded and evaluated some of the following operations are done:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
#: sssd.conf.5.xml:1518
msgid ""
"If the remote user does not exist in the cache, it is created. The UID is "
"determined with the help of the SID, trusted domains will have UPGs and the "
"GID will have the same value as the UID. The home directory is set based on "
"the subdomain_homedir parameter. The shell will be empty by default, i.e. "
"the system defaults are used, but can be overwritten with the default_shell "
"parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
#: sssd.conf.5.xml:1526
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:1532
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1536 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1539
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1545
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1549
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
"access the PAC responder, which would be the typical case, you have to add 0 "
"to the list of allowed UIDs as well."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1558
msgid "pac_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1561
msgid ""
"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
"data can be used to determine the group memberships of a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:1574
#, fuzzy
#| msgid "General service configuration options"
msgid "Session recording configuration options"
msgstr "Algemene service configuratie-opties"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:1576
msgid ""
"Session recording works in conjunction with <citerefentry> "
"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
"citerefentry>, a part of tlog package, to log what users see and type when "
"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-"
"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:1589
#, fuzzy
#| msgid "These options can be used to configure any service."
msgid "These options can be used to configure session recording."
msgstr "Deze opties kunnen gebruikt worden om services te configureren."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
#, fuzzy
#| msgid "re_expression (string)"
msgid "scope (string)"
msgstr "re_expression (tekst)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
msgid "\"none\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
msgid "No users are recorded."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
msgid "\"some\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
#, fuzzy
#| msgid ""
#| "Append this group to groups specified by the <replaceable>GROUPS</"
#| "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter "
#| "is a comma separated list of group names."
msgid ""
"Users/groups specified by <replaceable>users</replaceable> and "
"<replaceable>groups</replaceable> options are recorded."
msgstr ""
"Voeg deze groep toe aan de groepen opgegeven met de <replaceable>GROEPEN</"
"replaceable> parameter. De <replaceable>GROEPEN</replaceable> parameter is "
"een kommagescheiden lijst van groepnamen."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
msgid "\"all\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
msgid "All users are recorded."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
msgid ""
"One of the following strings specifying the scope of session recording: "
"<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
#, fuzzy
#| msgid "Default: 3"
msgid "Default: \"none\""
msgstr "Standaard: 3"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
#, fuzzy
#| msgid "re_expression (string)"
msgid "users (string)"
msgstr "re_expression (tekst)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
msgid ""
"A comma-separated list of users which should have session recording enabled. "
"Matches user names as returned by NSS. I.e. after the possible space "
"replacement, case changes, etc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
msgid "Default: Empty. Matches no users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
#, fuzzy
#| msgid "re_expression (string)"
msgid "groups (string)"
msgstr "re_expression (tekst)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
msgid ""
"A comma-separated list of groups, members of which should have session "
"recording enabled. Matches group names as returned by NSS. I.e. after the "
"possible space replacement, case changes, etc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
msgid ""
"NOTE: using this option (having it set to anything) has a considerable "
"performance cost, because each uncached request for a user requires "
"retrieving and matching the groups the user is member of."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
msgid "Default: Empty. Matches no groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:1675
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1682
msgid "domain_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1685
msgid ""
"Specifies whether the domain is meant to be used by POSIX-aware clients such "
"as the Name Service Switch or by applications that do not need POSIX data to "
"be present or generated. Only objects from POSIX domains are available to "
"the operating system interfaces and utilities."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1693
msgid ""
"Allowed values for this option are <quote>posix</quote> and "
"<quote>application</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1697
msgid ""
"POSIX domains are reachable by all services. Application domains are only "
"reachable from the InfoPipe responder (see <citerefentry> "
"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>) and the PAM responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1705
msgid ""
"NOTE: The application domains are currently well tested with "
"<quote>id_provider=ldap</quote> only."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1709
msgid ""
"For an easy way to configure a non-POSIX domains, please see the "
"<quote>Application domains</quote> section."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1713
msgid "Default: posix"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1719
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1722
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1727
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
"primary group memberships, those that are in range will be reported as "
"expected."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1734
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1738
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1744
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1747
msgid ""
"Determines if a domain can be enumerated, that is, whether the domain can "
"list all the users and group it contains. Note that it is not required to "
"enable enumeration in order for secondary groups to be displayed. This "
"parameter can have one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1755
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1758
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1764
msgid ""
"Enumerating a domain requires SSSD to download and store ALL user and group "
"entries from the remote server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1769
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
"to fully complete enumerations. During this time, individual requests for "
"information will go directly to LDAP, though it may be slow, due to the "
"heavy enumeration processing. Saving a large number of entries to cache "
"after the enumeration completes might also be CPU intensive as the "
"memberships have to be recomputed. This can lead to the <quote>sssd_be</"
"quote> process becoming unresponsive or even restarted by the internal "
"watchdog."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1784
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1789
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
"enumeration lookups are completed successfully. For more information, refer "
"to the man pages for the specific id_provider in use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1797
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1805
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1812
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1813
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1816
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1817
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1808
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
"Optionally, a list of one or more domain names can enable enumeration just "
"for these trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1831
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1834
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1838
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
"for newly added or expired entries. You should run the <citerefentry> "
"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
"citerefentry> tool in order to force refresh of entries that have already "
"been cached."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1851
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1857
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1860
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1944
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1870
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1873
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1883
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1886
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1896
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1899
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1909
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1912
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1922
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1925
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1936
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1939
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1950
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1953
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1958
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1962
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1972
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1975
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1979
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:1989
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1992
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
"(long term password) must have to be saved as SHA512 hash into the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:1999
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2004
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2010
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2013
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
"value of this parameter must be greater than or equal to "
"offline_credentials_expiration."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2020
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2025
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2036
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning. Also an auth provider has to be configured for the "
"backend."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2043
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2049
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2052
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2056
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2059 sssd.conf.5.xml:2196
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2063
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
"information on configuring LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2294
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
"FreeIPA."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2303
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring Active Directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2091
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2094
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2099
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
"<command>getent passwd test</command> wouldn't find the user while "
"<command>getent passwd test@LOCAL</command> would."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2107
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
"will be searched when an unqualified name is requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2114
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2120
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2123
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2126
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> "
"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> "
"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </"
"citerefentry>. As an effect, <quote>getent group $groupname</quote> would "
"return the requested group as if it was empty."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2144
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
"members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2155
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2158
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2162 sssd.conf.5.xml:2224
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2169
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring Kerberos."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2193
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2200
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2203
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2209
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2212
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
"Internal special providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2218
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2221
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2248
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
"manvolnum></citerefentry> for more information on configuring the simple "
"access module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2255
msgid ""
"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
"citerefentry> for more information on configuring Kerberos."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2262
msgid "<quote>proxy</quote> for relaying access control to another PAM module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2265
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2270
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2273
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2278
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> for more information on configuring LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2286
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring Kerberos."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2311
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2315
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2318
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2325
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2328
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2332
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2340
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2344
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2348
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2532
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2355
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration "
"options that can be used to adjust the behavior. Please refer to "
"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2370
msgid ""
"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
"background unless the sudo provider is explicitly disabled. Set "
"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related "
"activity in SSSD if you do not want to use sudo with SSSD at all."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2380
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2383
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
"providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2389
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> for more information on configuring IPA."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2397
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2400
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2406
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2409
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2415
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> for more information on configuring IPA."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2424
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
"the AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2433
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2443
#, fuzzy
#| msgid "re_expression (string)"
msgid "session_provider (string)"
msgstr "re_expression (tekst)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2446
msgid ""
"The provider which configures and manages user session related tasks. The "
"only user session task currently provided is the integration with Fleet "
"Commander, which works only with IPA. Supported session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2453
msgid "<quote>ipa</quote> to allow performing user session related tasks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2457
msgid ""
"<quote>none</quote> does not perform any kind of user session related tasks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2461
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can perform "
"session related tasks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2465
msgid ""
"<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
"SSSD must be running as \"root\" and not as the unprivileged user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2473
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2476
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2480
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2487
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring IPA."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2495
msgid ""
"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring the AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2504
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2514
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2517
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2521
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> for more information on configuring IPA."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2529
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2542
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
"match either the SSSD configuration domain name, or, in the case of IPA "
"trust subdomains and Active Directory domains, the flat (NetBIOS) name of "
"the domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2551
msgid ""
"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\"
"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?"
"P<name>[^@\\\\]+)$))</quote> which allows three different styles for "
"user names:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd.conf.5.xml:2556
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd.conf.5.xml:2559
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd.conf.5.xml:2562
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2565
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2570
msgid ""
"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
"sign, the domain everything after that\""
msgstr ""
"Standaard: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> "
"wat zich vertaalt tot \"de gebruikersnaam is alles tot <quote>@</quote> , "
"het domein alles daarna\""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2576
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
"version 7 or higher can support non-unique named subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2583
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P<name>) to label subpatterns."
msgstr ""
"MER OOK OP: oudere versies van libpcre ondersteunen alleen de Pyton syntaxis "
"(?P<name>) om subpatronen aan te geven."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2630
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Standaard: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2636
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2639
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2643
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2646
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2649
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2652
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2655
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2658
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2664
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2667
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the "
"internal fail over service before assuming that the service is unreachable. "
"If this timeout is reached, the domain will continue to operate in offline "
"mode."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2674
msgid ""
"Please see the section <quote>FAILOVER</quote> for more information about "
"the service resolution."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1456 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2685
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2688
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2692
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2698
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2701
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2707
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2715
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2718
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2724
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2726
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2730
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2733
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
"protocol names) are still lowercased in the output."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2710
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
"<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2745
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2751
msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2754
msgid ""
"Specifies a list of configuration parameters that should be inherited by a "
"subdomain. Please note that only selected parameters can be inherited. "
"Currently the following options can be inherited:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2760
msgid "ignore_group_members"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2763
msgid "ldap_purge_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2766 sssd-ldap.5.xml:1120
msgid "ldap_use_tokengroups"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2769
msgid "ldap_user_principal"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2772
msgid ""
"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
"is not set explicitly)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
#: sssd.conf.5.xml:2778
#, no-wrap
msgid ""
"subdomain_inherit = ldap_purge_cache_timeout\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2776 sssd-secrets.5.xml:448
msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2785
msgid "Note: This option only works with the IPA and AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2792
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2803
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2804
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2795
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
"possible values. In addition to those, the expansion below can only be used "
"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2809
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2813
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2818
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2821
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2827
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2830
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
"the online mode."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2836
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2840
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
"<quote>initgroups.</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2851
msgid "auto_private_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2854
msgid ""
"If this option is enabled, SSSD will automatically create user private "
"groups based on user's UID number. The GID number is ignored in this case."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2859
msgid ""
"For POSIX subdomains, setting the option in the main domain is inherited in "
"the subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2863
msgid ""
"For ID-mapping subdomains, auto_private_groups is already enabled for the "
"subdomains and setting it to false will not have any effect for the "
"subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2868
msgid ""
"NOTE: Because the GID number and the user private group are inferred from "
"the UID number, it is not supported to have multiple entries with the same "
"UID or GID number with this option. In other words, enabling this option "
"enforces uniqueness across the ID space."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:1677
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2887
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2890
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2893
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2901
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2904
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2914
msgid "proxy_fast_alias (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2917
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
"name was an alias. Setting this option to true would cause the SSSD to "
"perform the ID lookup from cache for performance reasons."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2931
msgid "proxy_max_children (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2934
msgid ""
"This option specifies the number of pre-forked proxy children. It is useful "
"for high-load SSSD environments where sssd may run out of available child "
"slots, which would cause some issues due to the requests being queued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:2883
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:2950
msgid "Application domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:2952
msgid ""
"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
"applications as a gateway to an LDAP directory where users and groups are "
"stored. However, contrary to the traditional SSSD deployment where all users "
"and groups either have POSIX attributes or those attributes can be inferred "
"from the Windows SIDs, in many cases the users and groups in the application "
"support scenario have no POSIX attributes. Instead of setting a "
"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the "
"administrator can set up an <quote>[application/<replaceable>NAME</"
"replaceable>]</quote> section that internally represents a domain with type "
"<quote>application</quote> optionally inherits settings from a tradition "
"SSSD domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:2972
msgid ""
"Please note that the application domain must still be explicitly enabled in "
"the <quote>domains</quote> parameter so that the lookup order between the "
"application domain and its POSIX sibling domain is set correctly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
#: sssd.conf.5.xml:2978
msgid "Application domain parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:2980
msgid "inherit_from (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:2983
msgid ""
"The SSSD POSIX-type domain the application domain inherits all settings "
"from. The application domain can moreover add its own settings to the "
"application settings that augment or override the <quote>sibling</quote> "
"domain settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:2997
msgid ""
"The following example illustrates the use of an application domain. In this "
"setup, the POSIX domain is connected to an LDAP server and is used by the OS "
"through the NSS responder. In addition, the application domain also requests "
"the telephoneNumber attribute, stores it as the phone attribute in the cache "
"and makes the phone attribute reachable through the D-Bus interface."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
#: sssd.conf.5.xml:3005
#, no-wrap
msgid ""
"[sssd]\n"
"domains = appdom, posixdom\n"
"\n"
"[ifp]\n"
"user_attributes = +phone\n"
"\n"
"[domain/posixdom]\n"
"id_provider = ldap\n"
"ldap_uri = ldap://ldap.example.com\n"
"ldap_search_base = dc=example,dc=com\n"
"\n"
"[application/appdom]\n"
"inherit_from = posixdom\n"
"ldap_user_extra_attrs = phone:telephoneNumber\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:3023
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:3025
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
"<replaceable>id_provider=local</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:3032
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:3035
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:3039
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:3044
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:3047
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:3052
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:3057
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:3060
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:3064 sssd.conf.5.xml:3076
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:3069
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:3072
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:3081
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:3084
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
"on a newly created home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:3092
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:3097
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:3100
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:3110
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:3115
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:3118
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
"default value is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:3125
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:3130
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:3133
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
"return code of the command is not taken into account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:3139
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:3149
msgid "TRUSTED DOMAIN SECTION"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:3151
msgid ""
"Some options used in the domain section can also be used in the trusted "
"domain section, that is, in a section called <quote>[domain/"
"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base "
"domain. Please refer to examples below for explanation. Currently supported "
"options in the trusted domain section are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:3158
msgid "ldap_search_base,"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:3159
msgid "ldap_user_search_base,"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:3160
msgid "ldap_group_search_base,"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:3161
msgid "ldap_netgroup_search_base,"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:3162
msgid "ldap_service_search_base,"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:3163
msgid "ad_server,"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:3164
msgid "ad_backup_server,"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:3165
msgid "ad_site,"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:3166
msgid "use_fully_qualified_names"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:3168
msgid ""
"For more details about these options see their individual description in the "
"manual page."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:3174 idmap_sss.8.xml:43
msgid "EXAMPLES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd.conf.5.xml:3180
#, no-wrap
msgid ""
"[sssd]\n"
"domains = LDAP\n"
"services = nss, pam\n"
"config_file_version = 2\n"
"\n"
"[nss]\n"
"filter_groups = root\n"
"filter_users = root\n"
"\n"
"[pam]\n"
"\n"
"[domain/LDAP]\n"
"id_provider = ldap\n"
"ldap_uri = ldap://ldap.example.com\n"
"ldap_search_base = dc=example,dc=com\n"
"\n"
"auth_provider = krb5\n"
"krb5_server = kerberos.example.com\n"
"krb5_realm = EXAMPLE.COM\n"
"cache_credentials = true\n"
"\n"
"min_id = 10000\n"
"max_id = 20000\n"
"enumerate = False\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:3176
msgid ""
"1. The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
"configuring domains for more details. <placeholder type=\"programlisting\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd.conf.5.xml:3213
#, no-wrap
msgid ""
"use_fully_qualified_names = false\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:3207
msgid ""
"2. The following example shows configuration of IPA AD trust where the AD "
"forest consists of two domains in a parent-child structure. Suppose IPA "
"(child.ad.com). To enable shortnames in the child domain the following "
"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/"
">"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
msgid "sssd-ldap"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-ldap.5.xml:17
msgid "SSSD LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
"This manual page describes the configuration of LDAP domains for "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for detailed syntax information."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:35
msgid "You can configure SSSD to use more than one LDAP domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:38
msgid ""
"LDAP back end supports id, auth, access and chpass providers. If you want to "
"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
"over an unencrypted channel. If the LDAP server is used only as an identity "
"provider, an encrypted channel is not needed. Please refer to "
"<quote>ldap_access_filter</quote> config option for more information about "
"using LDAP as an access provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
msgid "CONFIGURATION OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:60
msgid "ldap_uri, ldap_backup_uri (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:63
msgid ""
"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
"should connect in the order of preference. Refer to the <quote>FAILOVER</"
"quote> section for more information on failover and server redundancy. If "
"neither option is specified, service discovery is enabled. For more "
"information, refer to the <quote>SERVICE DISCOVERY</quote> section."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
msgid "The format of the URI must match the format defined in RFC 2732:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:73
msgid "ldap[s]://<host>[:port]"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:76
msgid ""
"For explicit IPv6 addresses, <host> must be enclosed in brackets []"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:79
msgid "example: ldap://[fc00::126:25]:389"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:85
msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:88
msgid ""
"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
"should connect in the order of preference to change the password of a user. "
"Refer to the <quote>FAILOVER</quote> section for more information on "
"failover and server redundancy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:95
msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:99
msgid "Default: empty, i.e. ldap_uri is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:105
msgid "ldap_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:108
msgid "The default base DN to use for performing LDAP user operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:112
msgid ""
"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
"syntax:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:116
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:119
msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr ""
#. type: Content of: <listitem><para>
#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by http://www."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:129
msgid ""
"ldap_search_base = dc=example,dc=com (which is equivalent to) "
"ldap_search_base = dc=example,dc=com?subtree?"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:134
msgid ""
"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
"(host=thishost)?dc=example.com?subtree?"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:137
msgid ""
"Note: It is unsupported to have multiple search bases which reference "
"identically-named objects (for example, groups with the same name in two "
"different search bases). This will lead to unpredictable behavior on client "
"machines."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:144
msgid ""
"Default: If not set, the value of the defaultNamingContext or namingContexts "
"attribute from the RootDSE of the LDAP server is used. If "
"defaultNamingContext does not exist or has an empty value namingContexts is "
"used. The namingContexts attribute must have a single value with the DN of "
"the search base of the LDAP server to make this work. Multiple values are "
"are not supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:158
msgid "ldap_schema (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:161
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
"may vary. The way that some attributes are handled may also differ."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:168
msgid "Four schema types are currently supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ldap.5.xml:172
msgid "rfc2307"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ldap.5.xml:177
msgid "rfc2307bis"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ldap.5.xml:182
msgid "IPA"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ldap.5.xml:187
msgid "AD"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:193
msgid ""
"The main difference between these schema types is how group memberships are "
"recorded in the server. With rfc2307, group members are listed by name in "
"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, "
"group members are listed by DN and stored in the <emphasis>member</emphasis> "
"attribute. The AD schema type sets the attributes to correspond with Active "
"Directory 2008r2 values."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:203
msgid "Default: rfc2307"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:209
msgid "ldap_default_bind_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:212
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:219
msgid "ldap_default_authtok_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:222
msgid "The type of the authentication token of the default bind DN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:226
msgid "The two mechanisms currently supported are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:229
msgid "password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:232
msgid "obfuscated_password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:235
msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:241
msgid "ldap_default_authtok (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:244
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:251
msgid "ldap_user_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:254
msgid "The object class of a user entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:257
msgid "Default: posixAccount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:263
msgid "ldap_user_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:266
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:270
msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:277
msgid "ldap_user_uid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:280
msgid "The LDAP attribute that corresponds to the user's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:284
msgid "Default: uidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:290
msgid "ldap_user_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:293
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:929
msgid "Default: gidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:303
msgid "ldap_user_primary_group (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:306
msgid ""
"Active Directory primary group attribute for ID-mapping. Note that this "
"attribute should only be set manually if you are running the <quote>ldap</"
"quote> provider with ID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:312
msgid "Default: unset (LDAP), primaryGroupID (AD)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:318
msgid "ldap_user_gecos (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:321
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:325
msgid "Default: gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:331
msgid "ldap_user_home_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:334
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:338
msgid "Default: homeDirectory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:344
msgid "ldap_user_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:347
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:351
msgid "Default: loginShell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:357
msgid "ldap_user_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:360
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:955
msgid ""
"Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
"IPA"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:371
msgid "ldap_user_objectsid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:374
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP user object. This "
"is usually only necessary for ActiveDirectory servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:970
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:386
msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: modifyTimestamp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_last_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
"the last password change)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:412
msgid "Default: shadowLastChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:418
msgid "ldap_user_shadow_min (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:421
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
"password age)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:430
msgid "Default: shadowMin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_max (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
"password age)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:448
msgid "Default: shadowMax"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:454
msgid "ldap_user_shadow_warning (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:457
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
"(password warning period)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:467
msgid "Default: shadowWarning"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:473
msgid "ldap_user_shadow_inactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:476
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
"(password inactivity period)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:486
msgid "Default: shadowInactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:492
msgid "ldap_user_shadow_expire (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:495
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> counterpart (account expiration date)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:505
msgid "Default: shadowExpire"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:511
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:514
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
"kerberos."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:520
msgid "Default: krbLastPwdChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:526
msgid "ldap_user_krb_password_expiration (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:529
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:535
msgid "Default: krbPasswordExpiration"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:541
msgid "ldap_user_ad_account_expires (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:544
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:549
msgid "Default: accountExpires"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:555
msgid "ldap_user_ad_user_account_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:558
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:563
msgid "Default: userAccountControl"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:569
msgid "ldap_ns_account_lock (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:572
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:577
msgid "Default: nsAccountLock"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:583
msgid "ldap_user_nds_login_disabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:586
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:590 sssd-ldap.5.xml:604
msgid "Default: loginDisabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:596
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:599
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:610
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:613
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:618
msgid "Default: loginAllowedTimeMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:624
msgid "ldap_user_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:627
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:631
msgid "Default: krbPrincipalName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:637
msgid "ldap_user_extra_attrs (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:640
msgid ""
"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
"usual set of user attributes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:645
msgid ""
"The list can either contain LDAP attribute names only, or colon-separated "
"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
"LDAP attribute name is specified, the attribute is saved to the cache "
"verbatim. Using a custom SSSD attribute name might be required by "
"environments that configure several SSSD domains with different LDAP schemas."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:655
msgid ""
"Please note that several attribute names are reserved by SSSD, notably the "
"<quote>name</quote> attribute. SSSD would report an error if any of the "
"reserved attribute names is used as an extra attribute name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:665
msgid "ldap_user_extra_attrs = telephoneNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:668
msgid ""
"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
"<quote>telephoneNumber</quote> to the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:672
msgid "ldap_user_extra_attrs = phone:telephoneNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:675
msgid ""
"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
"quote> to the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:685
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:688
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1306
msgid "Default: sshPublicKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:698
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:701
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
"fail. Set this option to a non-zero value if you want to use an upper-case "
"realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:714
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:717
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:728
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:731
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
"space."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:737
msgid ""
"Setting this option to zero will disable the cache cleanup operation. Please "
"note that if enumeration is enabled, the cleanup task is required in order "
"to detect entries removed from the server and can't be disabled. By default, "
"the cleanup task will run every 3 hours with enumeration enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:752
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:755
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:765
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:768
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:772 sssd-ldap.5.xml:1274
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:778
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:781
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
"to determine access privilege."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:788
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:793
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
"ldap_user_authorized_service option to work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:800
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:806
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:809
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
"privilege."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:815
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:820
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
"ldap_user_authorized_host option to work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:827
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:833
msgid "ldap_user_authorized_rhost (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:836
msgid ""
"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
"presence of the rhost attribute in the user's LDAP entry to determine access "
"privilege. Similarly to host verification process."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:843
msgid ""
"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
"explicit allow (rhost) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:848
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>rhost</quote> in order for the "
"ldap_user_authorized_rhost option to work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:855
#, fuzzy
#| msgid "Default: 3"
msgid "Default: rhost"
msgstr "Standaard: 3"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:861
msgid "ldap_user_certificate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:864
msgid "Name of the LDAP attribute containing the X509 certificate of the user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:868
msgid "Default: userCertificate;binary"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:874
msgid "ldap_user_email (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:877
msgid "Name of the LDAP attribute containing the email address of the user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:881
msgid ""
"Note: If an email address of a user conflicts with an email address or fully "
"qualified name of another user, then SSSD will not be able to serve those "
"users properly. If for some reason several users need to share the same "
"email address then set this option to a nonexistent attribute name in order "
"to disable user lookup/login by email."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:890
msgid "Default: mail"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:896
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:899
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:902
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:908
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:911
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:915
msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:922
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:925
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:935
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:938
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:942
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:948
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:951
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:962
msgid "ldap_group_objectsid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:965
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:977
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:990
msgid "ldap_group_type (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:993
msgid ""
"The LDAP attribute that contains an integer value indicating the type of the "
"group and maybe other flags."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:998
msgid ""
"This attribute is currently only used by the AD provider to determine if a "
"group is a domain local groups and has to be filtered out for trusted "
"domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1004
msgid "Default: groupType in the AD provider, otherwise not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1011
msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1014
msgid ""
"The LDAP attribute that references group members that are defined in an "
"external domain. At the moment, only IPA's external members are supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1020
msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1027
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1030
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1037
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
"<emphasis>may be</emphasis> returned if previous lookups already resolved "
"the deeper nesting levels. Also, subsequent lookups for other groups may "
"enlarge the result set for original lookup if re-queried."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1046
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
"at all. However, when connected to Active-Directory Server 2008 and later "
"using <quote>id_provider=ad</quote> it is furthermore required to disable "
"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1055
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1061
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1064
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
"complex or deep nested groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1070
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1075 sssd-ldap.5.xml:1102
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
"\"auto-detect\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1108
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> "
"for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1093
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1096
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
"dealing with complex or deep nested groups)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1123
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1128
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1137
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1140
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1144
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1150
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1153
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1157
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1167
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1170
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1174
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1178
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1184
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1187
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1191 sssd-ldap.5.xml:1207
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1194
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1200
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1216
msgid "ldap_host_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1219
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1222 sssd-ldap.5.xml:1331
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1228
#, fuzzy
#| msgid "full_name_format (string)"
msgid "ldap_host_name (string)"
msgstr "full_name_format (tekst)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1257
msgid "The LDAP attribute that corresponds to the host's name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1241
msgid "ldap_host_fqdn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1244
msgid ""
"The LDAP attribute that corresponds to the host's fully-qualified domain "
"name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1248
#, fuzzy
#| msgid "Default: 3"
msgid "Default: fqdn"
msgstr "Standaard: 3"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1254
msgid "ldap_host_serverhostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1261
#, fuzzy
#| msgid "Default: true"
msgid "Default: serverHostname"
msgstr "Standaard: true"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1267
msgid "ldap_host_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1270
msgid "The LDAP attribute that lists the host's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1280
msgid "ldap_host_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1283
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:397 sssd-ipa.5.xml:416
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <listitem><para>
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1299
msgid "ldap_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1302
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1312
msgid "ldap_host_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1315
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1325
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1328
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1337
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1340
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1350
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1353
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1357
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1363
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1366
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1370
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1376
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1381
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1384
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
"is entered)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1390
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
"lookup types."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1402
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1405
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1418
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1421
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
"manvolnum> </citerefentry> following a <citerefentry> "
"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
"citerefentry> returns in case of no activity."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1444
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1447
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind "
"operation, password change extended operation and the StartTLS operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1462
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1465
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
"the TGT lifetime) will be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1473 sssd-ldap.5.xml:2551
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1479
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1482
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1487
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1493
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1496
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
"it is not enabled or does not behave properly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1502
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1508
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1520
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1523
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1526
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
"group contains more members, the reply would include an AD-specific range "
"extension. This option disables parsing of the range extension, therefore "
"large groups will appear as having no members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1541
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1544
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
"option are defined by OpenLDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1550
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1557
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1560
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
"they are looked up individually."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1566
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1570
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
"Directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1578
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
"regardless of this setting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1591
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1594
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1600
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1604
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
"is provided, it will be ignored and the session proceeds normally."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1611
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
"is provided, the session is immediately terminated."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1617
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
"immediately terminated."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1623
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1627
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1633
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1636
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1648
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1651
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
"be the hash of the certificate followed by '.0'. If available, "
"<command>cacertdir_rehash</command> can be used to create the correct names."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1666
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1669
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1679
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1682
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1691
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1694
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1707
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1710
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1720
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1723
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
"on ldap_user_uid_number and ldap_group_gid_number."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1729
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1739
msgid "ldap_min_id, ldap_max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1742
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this "
"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id "
"can be set to restrict the allowed range for the IDs which are read directly "
"from the server. Sub-domains can then pick other ranges to map IDs."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1754
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1760
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1763
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1773
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1776
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
"This option can either contain the full principal (for example host/"
"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1784
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1790
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1793
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
"well, this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1799
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1805
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1808
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1813
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1819
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1822
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1825
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1831
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1834
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
"GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1846
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1849
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1853 sssd-ad.5.xml:934
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1859 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1862
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
"For more information on failover and server redundancy, see the "
"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
"colon) may be appended to the addresses or hostnames. If empty, service "
"discovery is enabled - for more information, refer to the <quote>SERVICE "
"DISCOVERY</quote> section."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1874 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
"none are found."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1879 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
"migrate their config files to use <quote>krb5_server</quote> instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1891
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1894
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1900 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1903
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1915 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1918 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
"to configure the Kerberos library using the <citerefentry> "
"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> configuration file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1929 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
"information on the locator plugin."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1943
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1946
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1951
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
"evaluate if the password has expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1962
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
"these attributes when the password is changed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1971
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1979
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1982
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1986
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1991
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
"does not in fact require the use of referrals, setting this option to false "
"might bring a noticeable performance improvement."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2005
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2008
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2012
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2018
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2021
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2026
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2032
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2035
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2047
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2050
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
"permit to change this default behavior. Please note that this filter is "
"applied on the LDAP user entry only and thus filtering based on nested "
"groups may not work (e.g. memberOf attribute on AD entries points only to "
"direct parents). If filtering based on nested groups is required, please see "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2070
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
#: sssd-ldap.5.xml:2073
#, no-wrap
msgid ""
"access_provider = ldap\n"
"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2077
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2082
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
"access during their last login, they will continue to be granted access "
"while offline and vice versa."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2090 sssd-ldap.5.xml:2147
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2096
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2099
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2103
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
"even if the password is correct."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2110
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2113
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2118
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
"set. If the attribute is missing access is granted. Also the expiration time "
"of the account is checked."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2125
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
"allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2131
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
"If both attributes are missing access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2140
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
"ldap_account_expire_policy option to work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2153
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2156
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2160
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2163
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. "
"Please note that 'access_provider = ldap' must be set for this feature to "
"work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2173
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2180
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
"and has value of '000001010000Z' or represents any time in the past. The "
"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which "
"denotes the UTC time zone. Other time zones are not currently supported and "
"will result in \"access-denied\" when users attempt to log in. Please see "
"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' "
"must be set for this feature to work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2197
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2201
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
"interested in being warned that password is about to expire and "
"authentication is based on using a different method than passwords - for "
"example SSH keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2211
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
"pwd_expire_policy_warn - user is still able to log in, "
"pwd_expire_policy_renew - user is prompted to change his password "
"immediately."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2219
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2223
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2228
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2233
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2237
msgid ""
"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
"remote host can access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2241
msgid ""
"Please note, rhost field in pam is set by application, it is better to check "
"what the application sends to pam, before enabling this access control option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2246
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2249
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2256
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2259
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
"lockout checking will yield access denied as ppolicy attributes on LDAP "
"server cannot be checked properly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2267
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2270
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2276
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2279
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2284
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2288
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2293
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2298
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2303
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2311
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2314
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2318
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
"The self-consistency of the domain is compromised when this is done, so SSSD "
"would normally remove the \"missing\" users from the cached group "
"memberships as soon as nsswitch tries to fetch information about the user "
"via getpw*() or initgroups() calls."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2329
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
"additional LDAP groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2341 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "enum_cache_timeout (integer)"
msgid "wildcard_limit (integer)"
msgstr "enum_cache_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2344
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2348
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2352
msgid "Default: 1000 (often the size of one page)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:51
msgid ""
"All of the common configuration options that apply to SSSD domains also "
"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for full details. <placeholder type="
"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2362
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:2364
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2375
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2378
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2381
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2387
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2390
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2400
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2403
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2407
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2413
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2416
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2421
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2427
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2430
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2434
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2440
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2443
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2447
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2453
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2456
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2460
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2466
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2469
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2473
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2479
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2482
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2486
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2492
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2495
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2500
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2506
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2509
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2513
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2519
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2522
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2527
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2532
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2538
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2541
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
"of cached rules)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2547
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2557
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2560
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2571
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2574
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2579
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2643
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2589 sssd-ldap.5.xml:2612
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2595
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2598
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2603
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2618
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2621
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2636
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2639
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:2655
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2665
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:2667
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2673
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2676
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2679
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2686
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2689
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2692
msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2700
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2703
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2706
msgid ""
"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2714
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2717
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2722
msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2730
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2733 sssd-ldap.5.xml:2748
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2737
msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2745
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:2752
msgid ""
"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
"automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:2671
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2763
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2770
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2775
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2780
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
#: sssd-ldap.5.xml:2785
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
#: sssd-ldap.5.xml:2787
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
"against Active Directory will not be restricted and return all groups "
"memberships, even with no GID mapping. It is recommended to disable this "
"feature, if group names are not being displayed correctly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
#: sssd-ldap.5.xml:2794
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2796
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:2801
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:2765
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:2818
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
"section."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-ldap.5.xml:2824
#, no-wrap
msgid ""
"[domain/LDAP]\n"
"id_provider = ldap\n"
"auth_provider = ldap\n"
"ldap_uri = ldap://ldap.mydomain.org\n"
"ldap_search_base = dc=mydomain,dc=org\n"
"ldap_tls_reqcert = demand\n"
"cache_credentials = true\n"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2835
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:2837
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-ldap.5.xml:2842
#, no-wrap
msgid ""
"[domain/LDAP]\n"
"id_provider = ldap\n"
"auth_provider = ldap\n"
"access_provider = ldap\n"
"ldap_access_order = lockout\n"
"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n"
"ldap_uri = ldap://ldap.mydomain.org\n"
"ldap_search_base = dc=mydomain,dc=org\n"
"ldap_tls_reqcert = demand\n"
"cache_credentials = true\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:2859
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
"distribution."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: pam_sss.8.xml:11 pam_sss.8.xml:16
msgid "pam_sss"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: pam_sss.8.xml:17
msgid "PAM module for SSSD"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: pam_sss.8.xml:22
msgid ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg "
"choice='opt'> <replaceable>prompt_always</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:58
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
"<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:68
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:71
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:76
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:79
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:86
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:89
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
"available or the password is not appropriate, the user will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:97
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:100
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:107
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:110
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:112
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
"<command>sshd</command> with <option>PasswordAuthentication</option>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:121
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:124
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:131
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:135
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:142
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:146
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
"SSSD domain names, as specified in the sssd.conf file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:152
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for more information on these two PAM "
"responder options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:166
msgid "<option>allow_missing_name</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:170
msgid ""
"The main purpose of this option is to let SSSD determine the user name based "
"on additional information, e.g. the certificate from a Smartcard."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#: pam_sss.8.xml:180
#, no-wrap
msgid ""
"auth sufficient pam_sss.so allow_missing_name\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:175
msgid ""
"The current use case are login managers which can monitor a Smartcard reader "
"for card events. In case a Smartcard is inserted the login manager will call "
"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
"id=\"0\"/> In this case SSSD will try to determine the user name based on "
"the content of the Smartcard, returns it to pam_sss which will finally put "
"it on the PAM stack."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:190
msgid "<option>prompt_always</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:194
msgid ""
"Always prompt the user for credentials. With this option credentials "
"requested by other PAM modules, typically a password, will be ignored and "
"pam_sss will prompt for credentials again. Based on the pre-auth reply by "
"SSSD pam_sss might prompt for a password, a Smartcard PIN or other "
"credentials."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: pam_sss.8.xml:207
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:208
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: pam_sss.8.xml:214
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:215
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
"This message can e.g. contain instructions about how to reset a password."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:220
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
"citerefentry>. If there is no matching file the content of "
"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
"the owner of the files and only root may have read and write permissions "
"while all other users must have only read permissions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:230
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
"displayed."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
msgid "sssd_krb5_locator_plugin"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "Kerberos locator plugin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
"libraries what Realm and which KDC to use. Typically this is done in "
"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"Not all Kerberos implementations support the use of plugins. If "
"<command>sssd_krb5_locator_plugin</command> is not available on your system "
"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
"debug messages will be sent to stderr."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value "
"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the "
"caller."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
msgid "sssd-simple"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-simple.5.xml:17
msgid "the configuration file for SSSD's 'simple' access-control provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:24
msgid ""
"This manual page describes the configuration of the simple access-control "
"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> manual page."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:38
msgid ""
"The simple access provider grants or denies access based on an access or "
"deny list of user or group names. The following rules apply:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:43
msgid "If all lists are empty, access is granted"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:47
msgid ""
"If any list is provided, the order of evaluation is allow,deny. This means "
"that any matching deny rule will supersede any matched allow rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:54
msgid ""
"If either or both \"allow\" lists are provided, all users are denied unless "
"they appear in the list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:60
msgid ""
"If only \"deny\" lists are provided, all users are granted access unless "
"they appear in the list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:78
msgid "simple_allow_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-simple.5.xml:81
msgid "Comma separated list of users who are allowed to log in."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:88
msgid "simple_deny_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-simple.5.xml:91
msgid "Comma separated list of users who are explicitly denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:97
msgid "simple_allow_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-simple.5.xml:100
msgid ""
"Comma separated list of groups that are allowed to log in. This applies only "
"to groups within this SSSD domain. Local groups are not evaluated."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:108
msgid "simple_deny_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-simple.5.xml:111
msgid ""
"Comma separated list of groups that are explicitly denied access. This "
"applies only to groups within this SSSD domain. Local groups are not "
"evaluated."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> manual page for details on the configuration of an SSSD "
"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:120
msgid ""
"Specifying no values for any of the lists is equivalent to skipping it "
"entirely. Beware of this while generating parameters for the simple provider "
"using automated scripts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:125
msgid ""
"Please note that it is an configuration error if both, simple_allow_users "
"and simple_deny_users, are defined."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:133
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
"This examples shows only the simple access provider-specific options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-simple.5.xml:140
#, no-wrap
msgid ""
"[domain/example.com]\n"
"access_provider = simple\n"
"simple_allow_users = user1, user2\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:150
msgid ""
"The complete group membership hierarchy is resolved before the access check, "
"thus even nested groups can be included in the access lists. Please be "
"aware that the <quote>ldap_group_nesting_level</quote> option may impact the "
"results and should be set to a sufficient value. (<citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
"citerefentry>) option."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss-certmap.5.xml:10 sss-certmap.5.xml:16
msgid "sss-certmap"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss-certmap.5.xml:17
msgid "SSSD Certificate Matching and Mapping Rules"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss-certmap.5.xml:23
msgid ""
"The manual page describes the rules which can be used by SSSD and other "
"components to match X.509 certificates and map them to accounts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss-certmap.5.xml:28
msgid ""
"Each rule has four components, a <quote>priority</quote>, a <quote>matching "
"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</"
"quote>. All components are optional. A missing <quote>priority</quote> will "
"add the rule with the lowest priority. The default <quote>matching rule</"
"quote> will match certificates with the digitalSignature key usage and "
"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty "
"the certificates will be searched in the userCertificate attribute as DER "
"encoded binary. If no domains are given only the local domain will be "
"searched."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sss-certmap.5.xml:41
msgid "RULE COMPONENTS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sss-certmap.5.xml:43
msgid "PRIORITY"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss-certmap.5.xml:45
msgid ""
"The rules are processed by priority while the number '0' (zero) indicates "
"the highest priority. The higher the number the lower is the priority. A "
"missing value indicates the lowest priority."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss-certmap.5.xml:50
msgid ""
"Internally the priority is treated as unsigned 32bit integer, using a "
"priority value larger than 4294967295 will cause an error."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sss-certmap.5.xml:55
msgid "MATCHING RULE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss-certmap.5.xml:57
msgid ""
"The matching rule is used to select a certificate to which the mapping rule "
"should be applied. It uses a system similar to the one used by "
"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a "
"keyword enclosed by '<' and '>' which identified a certain part of the "
"certificate and a pattern which should be found for the rule to match. "
"Multiple keyword pattern pairs can be either joined with '&&' (and) "
"or '||' (or)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:69
msgid "<SUBJECT>regular-expression"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:72
msgid ""
"With this a part or the whole subject name of the certificate can be "
"matched. For the matching POSIX Extended Regular Expression syntax is used, "
"see regex(7) for details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:78
msgid ""
"For the matching the subject name stored in the certificate in DER encoded "
"ASN.1 is converted into a string according to RFC 4514. This means the most "
"specific name component comes first. Please note that not all possible "
"attribute names are covered by RFC 4514. The names included are 'CN', 'L', "
"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might "
"be shown differently on different platform and by different tools. To avoid "
"confusion those attribute names are best not used or covered by a suitable "
"regular-expression."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:91
msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:96
msgid "<ISSUER>regular-expression"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:99
msgid ""
"With this a part or the whole issuer name of the certificate can be matched. "
"All comments for <SUBJECT> apply her as well."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:104
msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:109
msgid "<KU>key-usage"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:112
msgid ""
"This option can be used to specify which key usage values the certificate "
"should have. The following values can be used in a comma separated list:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:116
msgid "digitalSignature"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:117
msgid "nonRepudiation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:118
msgid "keyEncipherment"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:119
msgid "dataEncipherment"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:120
msgid "keyAgreement"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:121
msgid "keyCertSign"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:122
msgid "cRLSign"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:123
msgid "encipherOnly"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:124
msgid "decipherOnly"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:128
msgid ""
"A numerical value in the range of a 32bit unsigned integer can be used as "
"well to cover special use cases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:132
msgid "Example: <KU>digitalSignature,keyEncipherment"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:137
msgid "<EKU>extended-key-usage"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:140
msgid ""
"This option can be used to specify which extended key usage the certificate "
"should have. The following value can be used in a comma separated list:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:144
msgid "serverAuth"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:145
msgid "clientAuth"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:146
msgid "codeSigning"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:147
msgid "emailProtection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:148
msgid "timeStamping"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:149
msgid "OCSPSigning"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:150
msgid "KPClientAuth"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:151
msgid "pkinit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sss-certmap.5.xml:152
msgid "msScLogin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:156
msgid ""
"Extended key usages which are not listed above can be specified with their "
"OID in dotted-decimal notation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:160
msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:165
msgid "<SAN>regular-expression"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:168
msgid ""
"To be compatible with the usage of MIT Kerberos this option will match the "
"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:"
"Principal> does."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:173
msgid "Example: <SAN>.*@MY\\.REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:178
msgid "<SAN:Principal>regular-expression"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:181
msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:185
msgid "Example: <SAN:Principal>.*@MY\\.REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:190
msgid "<SAN:ntPrincipalName>regular-expression"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:193
msgid "Match the Kerberos principals from the AD NT Principal SAN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:197
msgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:202
msgid "<SAN:pkinit>regular-expression"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:205
msgid "Match the Kerberos principals from the PKINIT SAN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:208
msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:213
msgid "<SAN:dotted-decimal-oid>regular-expression"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:216
msgid ""
"Take the value of the otherName SAN component given by the OID in dotted-"
"decimal notation, interpret it as string and try to match it against the "
"regular expression."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:222
msgid "Example: <SAN:1.2.3.4>test"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:227
msgid "<SAN:otherName>base64-string"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:230
msgid ""
"Do a binary match with the base64 encoded blob against all otherName SAN "
"components. With this option it is possible to match against custom "
"otherName components with special encodings which could not be treated as "
"strings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:237
msgid "Example: <SAN:otherName>MTIz"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:242
msgid "<SAN:rfc822Name>regular-expression"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:245
msgid "Match the value of the rfc822Name SAN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:248
msgid "Example: <SAN:rfc822Name>.*@email\\.domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:253
msgid "<SAN:dNSName>regular-expression"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:256
msgid "Match the value of the dNSName SAN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:259
msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:264
msgid "<SAN:x400Address>base64-string"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:267
msgid "Binary match the value of the x400Address SAN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:270
msgid "Example: <SAN:x400Address>MTIz"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:275
msgid "<SAN:directoryName>regular-expression"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:278
msgid ""
"Match the value of the directoryName SAN. The same comments as given for <"
"ISSUER> and <SUBJECT> apply here as well."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:283
msgid "Example: <SAN:directoryName>.*,DC=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:288
msgid "<SAN:ediPartyName>base64-string"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:291
msgid "Binary match the value of the ediPartyName SAN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:294
msgid "Example: <SAN:ediPartyName>MTIz"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:299
msgid "<SAN:uniformResourceIdentifier>regular-expression"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:302
msgid "Match the value of the uniformResourceIdentifier SAN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:305
msgid "Example: <SAN:uniformResourceIdentifier>URN:.*"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:310
msgid "<SAN:iPAddress>regular-expression"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:313
msgid "Match the value of the iPAddress SAN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:316
msgid "Example: <SAN:iPAddress>192\\.168\\..*"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:321
msgid "<SAN:registeredID>regular-expression"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:324
msgid "Match the value of the registeredID SAN as dotted-decimal string."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:328
msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss-certmap.5.xml:66
msgid ""
"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sss-certmap.5.xml:336
msgid "MAPPING RULE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss-certmap.5.xml:338
msgid ""
"The mapping rule is used to associate a certificate with one or more "
"accounts. A Smartcard with the certificate and the matching private key can "
"then be used to authenticate as one of those accounts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss-certmap.5.xml:343
msgid ""
"Currently SSSD basically only supports LDAP to lookup user information (the "
"exception is the proxy provider which is not of relevance here). Because of "
"this the mapping rule is based on LDAP search filter syntax with templates "
"to add certificate content to the filter. It is expected that the filter "
"will only contain the specific data needed for the mapping and that the "
"caller will embed it in another filter to do the actual search. Because of "
"this the filter string should start and stop with '(' and ')' respectively."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss-certmap.5.xml:353
msgid ""
"In general it is recommended to use attributes from the certificate and add "
"them to special attributes to the LDAP user object. E.g. the "
"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute "
"for IPA can be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss-certmap.5.xml:359
msgid ""
"This should be preferred to read user specific data from the certificate "
"like e.g. an email address and search for it in the LDAP server. The reason "
"is that the user specific data in LDAP might change for various reasons "
"would break the mapping. On the other hand it would be hard to break the "
"mapping on purpose for a specific user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:374
msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:377
msgid ""
"This template will add the full issuer DN converted to a string according to "
"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
"the '_x500' prefix should be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:383 sss-certmap.5.xml:409
msgid ""
"The conversion options starting with 'ad_' will use attribute names as used "
"by AD, e.g. 'S' instead of 'ST'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:387 sss-certmap.5.xml:413
msgid ""
"The conversion options starting with 'nss_' will use attribute names as used "
"by NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:391 sss-certmap.5.xml:417
msgid ""
"The default conversion option is 'nss', i.e. attribute names according to "
"NSS and LDAP/RFC 4514 ordering."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:395
msgid ""
"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!"
"ad})"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:400
msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:403
msgid ""
"This template will add the full subject DN converted to string according to "
"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
"the '_x500' prefix should be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:421
msgid ""
"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>"
"{subject_dn!nss_x500})"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:426
msgid "{cert[!(bin|base64)]}"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:429
msgid ""
"This template will add the whole DER encoded certificate as a string to the "
"search filter. Depending on the conversion option the binary certificate is "
"either converted to an escaped hex sequence '\\xx' or base64. The escaped "
"hex sequence is the default and can e.g. be used with the LDAP attribute "
"'userCertificate;binary'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:437
msgid "Example: (userCertificate;binary={cert!bin})"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:442
msgid "{subject_principal[.short_name]}"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:445
msgid ""
"This template will add the Kerberos principal which is taken either from the "
"SAN used by pkinit or the one used by AD. The 'short_name' component "
"represents the first part of the principal before the '@' sign."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:451 sss-certmap.5.xml:479
msgid ""
"Example: (|(userPrincipal={subject_principal})"
"(samAccountName={subject_principal.short_name}))"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:456
msgid "{subject_pkinit_principal[.short_name]}"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:459
msgid ""
"This template will add the Kerberos principal which is given by the SAN used "
"by pkinit. The 'short_name' component represents the first part of the "
"principal before the '@' sign."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:465
msgid ""
"Example: (|(userPrincipal={subject_pkinit_principal})"
"(uid={subject_pkinit_principal.short_name}))"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:470
msgid "{subject_nt_principal[.short_name]}"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:473
msgid ""
"This template will add the Kerberos principal which is given by the SAN used "
"by AD. The 'short_name' component represent the first part of the principal "
"before the '@' sign."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:484
msgid "{subject_rfc822_name[.short_name]}"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:487
msgid ""
"This template will add the string which is stored in the rfc822Name "
"component of the SAN, typically an email address. The 'short_name' component "
"represents the first part of the address before the '@' sign."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:493
msgid ""
"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
"short_name}))"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:498
msgid "{subject_dns_name[.short_name]}"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:501
msgid ""
"This template will add the string which is stored in the dNSName component "
"of the SAN, typically a fully-qualified host name. The 'short_name' "
"component represents the first part of the name before the first '.' sign."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:507
msgid ""
"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:512
msgid "{subject_uri}"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:515
msgid ""
"This template will add the string which is stored in the "
"uniformResourceIdentifier component of the SAN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:519
msgid "Example: (uri={subject_uri})"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:524
msgid "{subject_ip_address}"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:527
msgid ""
"This template will add the string which is stored in the iPAddress component "
"of the SAN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:531
msgid "Example: (ip={subject_ip_address})"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:536
msgid "{subject_x400_address}"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:539
msgid ""
"This template will add the value which is stored in the x400Address "
"component of the SAN as escaped hex sequence."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:544
msgid "Example: (attr:binary={subject_x400_address})"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:549
msgid ""
"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:552
msgid ""
"This template will add the DN string of the value which is stored in the "
"directoryName component of the SAN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:556
msgid "Example: (orig_dn={subject_directory_name})"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:561
msgid "{subject_ediparty_name}"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:564
msgid ""
"This template will add the value which is stored in the ediPartyName "
"component of the SAN as escaped hex sequence."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:569
msgid "Example: (attr:binary={subject_ediparty_name})"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sss-certmap.5.xml:574
msgid "{subject_registered_id}"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:577
msgid ""
"This template will add the OID which is stored in the registeredID component "
"of the SAN as a dotted-decimal string."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:582
msgid "Example: (oid={subject_registered_id})"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss-certmap.5.xml:367
msgid ""
"The templates to add certificate data to the search filter are based on "
"Python-style formatting strings. They consist of a keyword in curly braces "
"with an optional sub-component specifier separated by a '.' or an optional "
"conversion/formatting option separated by a '!'. Allowed values are: "
"<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sss-certmap.5.xml:590
msgid "DOMAIN LIST"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss-certmap.5.xml:592
msgid ""
"If the domain list is not empty users mapped to a given certificate are not "
"only searched in the local domain but in the listed domains as well as long "
"as they are know by SSSD. Domains not know to SSSD will be ignored."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
msgid "sssd-ipa"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-ipa.5.xml:17
msgid "SSSD IPA provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
"This manual page describes the configuration of the IPA provider for "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:36
msgid ""
"The IPA provider is a back end used to connect to an IPA server. (Refer to "
"the freeipa.org web site for information about IPA servers.) This provider "
"requires that the machine be joined to the IPA domain; configuration is "
"almost entirely self-discovered and obtained directly from the server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:43
msgid ""
"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> authentication provider with "
"optimizations for IPA environments. The IPA provider accepts the same "
"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. "
"However, it is neither necessary nor recommended to set these options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:57
msgid ""
"The IPA provider primarily copies the traditional ldap and krb5 provider "
"default options with some exceptions, the differences are listed in the "
"<quote>MODIFIED DEFAULT OPTIONS</quote> section."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:62
msgid ""
"As an access provider, the IPA provider uses HBAC (host-based access "
"control) rules. Please refer to freeipa.org for more information about "
"HBAC. No configuration of access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:67
msgid ""
"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is "
"configured in sssd.conf then the id_provider must also be set to <quote>ipa</"
"quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:73
msgid ""
"The IPA provider will use the PAC responder if the Kerberos tickets of users "
"from trusted realms contain a PAC. To make configuration easier the PAC "
"responder is started automatically if the IPA ID provider is configured."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:89
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:92
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:100
msgid "ipa_server, ipa_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:103
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
"This is optional if autodiscovery is enabled. For more information on "
"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:116
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:119
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host. The "
"hostname must be fully qualified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:128 sssd-ad.5.xml:863
msgid "dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:131
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA with the IP address of this client. The update is secured "
"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:140 sssd-ad.5.xml:877
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:145
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
"emphasis> option, users should migrate to using <emphasis>dyndns_update</"
"emphasis> in their config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:157 sssd-ad.5.xml:888
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:160 sssd-ad.5.xml:891
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
"serverside if set by an administrator."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:165
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
"emphasis> in their config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:171
msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:177 sssd-ad.5.xml:902
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:180 sssd-ad.5.xml:905
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
"updates. Special value <quote>*</quote> implies that IPs from all interfaces "
"should be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:187
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
"emphasis> in their config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:193
msgid ""
"Default: Use the IP addresses of the interface which is used for IPA LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:197 sssd-ad.5.xml:916
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:203 sssd-ad.5.xml:967
msgid "dyndns_auth (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:206 sssd-ad.5.xml:970
msgid ""
"Whether the nsupdate utility should use GSS-TSIG authentication for secure "
"updates with the DNS server, insecure updates can be sent by setting this "
"option to 'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:212 sssd-ad.5.xml:976
msgid "Default: GSS-TSIG"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:218
msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:221 sssd-ad.5.xml:210
msgid "Enables DNS sites - location based service discovery."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:225
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
"based discovery using a query that contains \"_location.hostname.example.com"
"\" and then fall back to traditional SRV discovery. If the location based "
"discovery succeeds, the IPA servers located with the location based "
"discovery are treated as primary servers and the IPA servers located using "
"the traditional SRV discovery are used as back up servers"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:244 sssd-ad.5.xml:922
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:247
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
"optional and applicable only when dyndns_update is true."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:260 sssd-ad.5.xml:940
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:263 sssd-ad.5.xml:943
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:268
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:274
msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:280 sssd-ad.5.xml:954
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:283 sssd-ad.5.xml:957
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:287 sssd-ad.5.xml:961
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:293 sssd-ad.5.xml:982
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:296 sssd-ad.5.xml:985
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:301 sssd-ad.5.xml:990
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:306 sssd-ad.5.xml:995
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1000
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:317
msgid "ipa_deskprofile_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:320
msgid ""
"Optional. Use the given string as search base for Desktop Profile related "
"objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:324 sssd-ipa.5.xml:337
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:330
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:343
msgid "ipa_host_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:346
msgid "Deprecated. Use ldap_host_search_base instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:352
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:371
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:374
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:383
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:390
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:393
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:402
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:409
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:412
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:421
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:431
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:435
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:443 sssd-ad.5.xml:1009
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:446 sssd-ad.5.xml:1012
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:450 sssd-ad.5.xml:1016
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:454 sssd-ad.5.xml:1020
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:461
#, fuzzy
#| msgid "config_file_version (integer)"
msgid "ipa_deskprofile_refresh (integer)"
msgstr "config_file_version (numeriek)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:464
msgid ""
"The amount of time between lookups of the Desktop Profile rules against the "
"IPA server. This will reduce the latency and load on the IPA server if there "
"are many desktop profiles requests made in a short period."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:477
msgid "ipa_deskprofile_request_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:480
msgid ""
"The amount of time between lookups of the Desktop Profile rules against the "
"IPA server in case the last request did not return any rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:485
#, fuzzy
#| msgid "Default: true"
msgid "Default: 60 (minutes)"
msgstr "Standaard: true"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:491
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:494
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
"access-control requests made in a short period."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:507
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:510
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
"many user login requests made in a short period."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:523
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:526
msgid ""
"This option will be set by the IPA installer (ipa-server-install) "
"automatically and denotes if SSSD is running on an IPA server or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:531
msgid ""
"On an IPA server SSSD will lookup users and groups from trusted domains "
"directly while on a client it will ask an IPA server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:536
msgid ""
"NOTE: There are currently some assumptions that must be met when SSSD is "
"running on an IPA server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:541
msgid ""
"The <quote>ipa_server</quote> option must be configured to point to the IPA "
"server itself. This is already the default set by the IPA installer, so no "
"manual change is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:550
msgid ""
"The <quote>full_name_format</quote> option must not be tweaked to only print "
"short names for users from trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:565
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:568
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:571
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd-ipa.5.xml:579
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:588
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:591
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:594
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:600
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:603
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:613
msgid "ipa_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:616
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:619
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:625
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:628
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:632
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:638
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:641
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:646
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:649
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:652
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:655
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:658
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:661
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:664
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:667
msgid "ldap_user_ssh_public_key"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:672
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:678
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:681
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:686
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:689
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:692
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:697
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd-ipa.5.xml:581
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
"side there is basically no need to configure anything. For completeness the "
"related options are listed here with their default values. <placeholder "
"type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ipa.5.xml:709
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:711
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:715
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
"subdomain requests are sent to the IPA server if necessary."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:721
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
"provider is configured implicitly. In this case, if a subdomain request "
"fails and indicates that the server does not support subdomains, i.e. is not "
"configured for trusts, the IPA subdomains provider is disabled. After an "
"hour or after the IPA provider goes online, the subdomains provider is "
"enabled again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:738
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
"This examples shows only the ipa provider-specific options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-ipa.5.xml:745
#, no-wrap
msgid ""
"[domain/example.com]\n"
"id_provider = ipa\n"
"ipa_server = ipaserver.example.com\n"
"ipa_hostname = myhost.example.com\n"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ad.5.xml:10 sssd-ad.5.xml:16
msgid "sssd-ad"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-ad.5.xml:17
msgid "SSSD Active Directory provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
"This manual page describes the configuration of the AD provider for "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:36
msgid ""
"The AD provider is a back end used to connect to an Active Directory server. "
"This provider requires that the machine be joined to the AD domain and a "
"keytab is available. Back end communication occurs over a GSSAPI-encrypted "
"channel, SSL/TLS options should not be used with the AD provider and will be "
"superseded by Kerberos usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:44
msgid ""
"The AD provider supports connecting to Active Directory 2008 R2 or later. "
"Earlier versions may work, but are unsupported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:48
msgid ""
"The AD provider can be used to get user information and authenticate users "
"from trusted domains. Currently only trusted domains in the same forest are "
"recognized. In addition servers from trusted domains are always auto-"
"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:54
msgid ""
"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> authentication provider with "
"optimizations for Active Directory environments. The AD provider accepts the "
"same options used by the sssd-ldap and sssd-krb5 providers with some "
"exceptions. However, it is neither necessary nor recommended to set these "
"options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:69
msgid ""
"The AD provider primarily copies the traditional ldap and krb5 provider "
"default options with some exceptions, the differences are listed in the "
"<quote>MODIFIED DEFAULT OPTIONS</quote> section."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:74
msgid ""
"The AD provider can also be used as an access, chpass, sudo and autofs "
"provider. No configuration of the access provider is required on the client "
"side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:79
msgid ""
"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is "
"configured in sssd.conf then the id_provider must also be set to <quote>ad</"
"quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-ad.5.xml:91
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:85
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should "
"be used, it is recommended for performance reasons that the attributes are "
"also replicated to the Global Catalog. If POSIX attributes are replicated, "
"SSSD will attempt to locate the domain of a requested numerical ID with the "
"help of the Global Catalog and only search that domain. In contrast, if "
"POSIX attributes are not replicated to the Global Catalog, SSSD must search "
"all the domains in the forest sequentially. Please note that the "
"<quote>cache_first</quote> option might be also helpful in speeding up "
"domainless searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:105
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
"LDAP implementation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:120
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:123
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:128
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:133
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:140
msgid "ad_enabled_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:143
msgid ""
"A comma-separated list of enabled Active Directory domains. If provided, "
"SSSD will ignore any domains not listed in this option. If left unset, all "
"domains from the AD forest will be available."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-ad.5.xml:153
#, no-wrap
msgid ""
"ad_enabled_domains = sales.example.com, eng.example.com\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:149
msgid ""
"For proper operation, this option must be specified in all lower-case and as "
"the fully qualified domain name of the Active Directory domain. For example: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:157
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) will be "
"autodetected by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:167
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:170
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:177
msgid ""
"This is optional if autodiscovery is enabled. For more information on "
"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:182
msgid ""
"Note: Trusted domains will always auto-discover servers even if the primary "
"server is explicitly defined in the ad_server option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:190
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:193
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
"host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:199
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:207
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:214
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
"Active Directory server to connect to using the Active Directory Site "
"Discovery and fall back to the DNS SRV records if no AD site is found. The "
"DNS SRV configuration, including the discovery domain, is used during site "
"discovery as well."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:230
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:233
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
"quote> option must be explicitly set to <quote>ad</quote> in order for this "
"option to have an effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:241
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
"missing."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:249
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
"domains from the forest specified by <quote>NAME</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:257
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:262
msgid ""
"Nested group membership must be searched for using a special OID "
"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
"example.org: syntax to ensure the parser does not attempt to interpret the "
"colon characters associated with the OID. If you do not use this OID then "
"nested group membership will not be resolved. See usage example below and "
"refer here for further information about the OID: <ulink url=\"https://msdn."
"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP "
"extensions</ulink>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:275
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
"domain filter would be applied. If there are more matches with the same "
"specification, the first one is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
#: sssd-ad.5.xml:286
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
"\n"
"# apply filter on domain called dom2 only:\n"
"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
"\n"
"# apply filter on forest called EXAMPLE.COM only:\n"
"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
"\n"
"# apply filter for a member of a nested group in dom1:\n"
"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:305
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:308
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:319
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:322
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
"port of the current AD server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:330
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
"port of trusted domains instead. However, Global Catalog must be used in "
"order to resolve cross-domain group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:344
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:347
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
"permissive mode. Please note that the <quote>access_provider</quote> option "
"must be explicitly set to <quote>ad</quote> in order for this option to have "
"an effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:356
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:362
msgid ""
"NOTE: The current version of SSSD does not support host (computer) entries "
"in the GPO 'Security Filtering' list. Only user and group entries are "
"supported. Host entries in the list have no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:369
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
"(as dictated by the GPO policy settings). In order to facilitate a smooth "
"transition for administrators, a permissive mode is available that will not "
"enforce the access control rules, but will evaluate them and will output a "
"syslog message if access would have been denied. By examining the logs, "
"administrators can then make the necessary changes before setting the mode "
"to enforcing."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:382
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:386
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:392
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:398
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
"have been denied access if this option's value were set to enforcing."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:409
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:412
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:418
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:421
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
"many access-control requests made in a short period."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:434
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:437
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
"DenyInteractiveLogonRight policy settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:443
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-ad.5.xml:457
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:448
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
"the default set by using <quote>-service_name</quote>. For example, in "
"order to replace a default PAM service name for this logon right (e.g. "
"<quote>login</quote>) with a custom pam service name (e.g. "
"<quote>my_pam_service</quote>), you would use the following configuration: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:714
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:465
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:470
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:475
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:480
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:485
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:490
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:495
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:500
msgid "lightdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:505
msgid "lxdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:510
msgid "sddm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:515
msgid "unity"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:520
msgid "xdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:529
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:532
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
"DenyRemoteInteractiveLogonRight policy settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:538
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
"Desktop Services\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:544
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
"the default set by using <quote>-service_name</quote>. For example, in "
"order to replace a default PAM service name for this logon right (e.g. "
"<quote>sshd</quote>) with a custom pam service name (e.g. "
"<quote>my_pam_service</quote>), you would use the following configuration: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:561
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:566
msgid "cockpit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:575
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:578
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
"DenyNetworkLogonRight policy settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:584
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
"network\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-ad.5.xml:599
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:590
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
"the default set by using <quote>-service_name</quote>. For example, in "
"order to replace a default PAM service name for this logon right (e.g. "
"<quote>ftp</quote>) with a custom pam service name (e.g. "
"<quote>my_pam_service</quote>), you would use the following configuration: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:607
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:612
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:621
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:624
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
"policy settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:630
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-ad.5.xml:644
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:635
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
"the default set by using <quote>-service_name</quote>. For example, in "
"order to replace a default PAM service name for this logon right (e.g. "
"<quote>crond</quote>) with a custom pam service name (e.g. "
"<quote>my_pam_service</quote>), you would use the following configuration: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:652
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:661
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:664
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
"DenyServiceLogonRight policy settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:670
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-ad.5.xml:683
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:675 sssd-ad.5.xml:750
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
"to remove a PAM service name from the default set. For example, in order to "
"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you "
"would use the following configuration: <placeholder type=\"programlisting\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:693
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:696
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-ad.5.xml:710
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:701
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
"the default set by using <quote>-service_name</quote>. For example, in "
"order to replace a default PAM service name for unconditionally permitted "
"<quote>my_pam_service</quote>), you would use the following configuration: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:718
msgid "polkit-1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:723
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:728
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:733
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:742
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:745
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-ad.5.xml:758
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:768
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:771
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
"option can be set in two different manners. First, this option can be set to "
"use a default logon right. For example, if this option is set to "
"'interactive', it means that unmapped PAM service names will be processed "
"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy "
"settings. Alternatively, this option can be set to either always permit or "
"always deny access for unmapped PAM service names."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:784
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:788
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:793
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:798
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:803
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:808
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:813
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ad.5.xml:818
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:824
msgid "Default: deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:830
msgid "ad_maximum_machine_account_password_age (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:833
msgid ""
"SSSD will check once a day if the machine account password is older than the "
"given age in days and try to renew it. A value of 0 will disable the renewal "
"attempt."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:839
msgid "Default: 30 days"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:845
msgid "ad_machine_account_password_renewal_opts (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:848
msgid ""
"This option should only be used to test the machine account renewal task. "
"The option expects 2 integers separated by a colon (':'). The first integer "
"defines the interval in seconds how often the task is run. The second "
"specifies the initial timeout in seconds before the task is run for the "
"first time after startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:857
msgid "Default: 86400:750 (24h and 15m)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:866
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
"secured using GSS-TSIG. As a consequence, the Active Directory administrator "
"only needs to allow secure updates for the DNS zone. The IP address of the "
"AD LDAP connection is used for the updates, if it is not otherwise specified "
"by using the <quote>dyndns_iface</quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:896
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:912
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:925
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
"optional and applicable only when dyndns_update is true. Note that the "
"lowest possible value is 60 seconds in-case if value is provided less than "
"60, parameter will assume lowest value only."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:948 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:1040
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
"This example shows only the AD provider-specific options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-ad.5.xml:1047
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
"id_provider = ad\n"
"auth_provider = ad\n"
"access_provider = ad\n"
"chpass_provider = ad\n"
"\n"
"ad_server = dc1.example.com\n"
"ad_hostname = client.example.com\n"
"ad_domain = example.com\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-ad.5.xml:1067
#, no-wrap
msgid ""
"access_provider = ldap\n"
"ldap_access_order = expire\n"
"ldap_account_expire_policy = ad\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:1063
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:1073
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
"note that if you configure an access provider other than <quote>ad</quote>, "
"you need to set all the connection parameters (such as LDAP URIs and "
"encryption details) manually."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:1081
msgid ""
"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
"are included in the default Active Directory schema."
msgstr ""
#. type: Content of: <reference><refentry><refmeta><refentrytitle>
msgid "sssd-sudo"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-sudo.5.xml:17
msgid "Configuring sudo with the SSSD back end"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:23
msgid ""
"This manual page describes how to configure <citerefentry> "
"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-sudo.5.xml:36
msgid "Configuring sudo to cooperate with SSSD"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:38
msgid ""
"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to "
"the <emphasis>sudoers</emphasis> entry in <citerefentry> "
"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:47
msgid ""
"For example, to configure sudo to first lookup rules in the standard "
"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> file (which should contain rules that apply to "
"local users) and then in SSSD, the nsswitch.conf file should contain the "
"following line:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-sudo.5.xml:57
#, no-wrap
msgid "sudoers: files sss\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:61
msgid ""
"More information about configuring the sudoers search order from the "
"nsswitch.conf file as well as information about the LDAP schema that is used "
"to store sudo rules in the directory can be found in <citerefentry> "
"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:70
msgid ""
"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
"sudo rules, you also need to correctly set <citerefentry> "
"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
"citerefentry> to your NIS domain name (which equals to IPA domain name when "
"using hostgroups)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:84
msgid ""
"All configuration that is needed on SSSD side is to extend the list of "
"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
"option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
"config_file_version = 2\n"
"services = nss, pam, sudo\n"
"domains = EXAMPLE\n"
"\n"
"[domain/EXAMPLE]\n"
"id_provider = ldap\n"
"sudo_provider = ldap\n"
"ldap_uri = ldap://example.com\n"
"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:98
msgid ""
"<placeholder type=\"programlisting\" id=\"0\"/> <phrase condition="
"\"have_systemd\"> It's important to note that on platforms where systemd is "
"supported there's no need to add the \"sudo\" provider to the list of "
"services, as it became optional. However, sssd-sudo.socket must be enabled "
"instead. </phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:118
msgid ""
"When SSSD is configured to use IPA as the ID provider, the sudo provider is "
"automatically enabled. The sudo search base is configured to use the IPA "
"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in "
"sssd.conf, this value will be used instead. The compat tree (ou=sudoers,"
"$SUFFIX) is no longer required for IPA sudo functionality."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-sudo.5.xml:128
msgid "The SUDO rule caching mechanism"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:130
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
"experience and is as fast as sudo but keeps providing the most current set "
"of rules as possible. To satisfy these requirements, SSSD uses three kinds "
"of updates. They are referred to as full refresh, smart refresh and rules "
"refresh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:138
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
"database growing by fetching only small increments that do not generate "
"large amounts of network traffic."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:144
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
"This is used to keep the cache consistent by removing every rule which was "
"deleted from the server. However, full refresh may produce a lot of traffic "
"and thus it should be run only occasionally depending on the size and "
"stability of the sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:152
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
"Rules refresh will find all rules that apply to this user, check their "
"expiration time and redownload them if expired. In the case that any of "
"these rules are missing on the server, the SSSD will do an out of band full "
"refresh because more rules (that apply to other users) may have been deleted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:161
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
"<emphasis>sudoHost</emphasis> attribute:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
#: sssd-sudo.5.xml:168
msgid "keyword ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
#: sssd-sudo.5.xml:173
msgid "wildcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
#: sssd-sudo.5.xml:178
msgid "netgroup (in the form \"+netgroup\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
#: sssd-sudo.5.xml:183
msgid "hostname or fully qualified domain name of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
#: sssd-sudo.5.xml:188
msgid "one of the IP addresses of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
#: sssd-sudo.5.xml:193
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:199
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd.8.xml:10 sssd.8.xml:15
msgid "sssd"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd.8.xml:16
msgid "System Security Services Daemon"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sssd.8.xml:21
msgid ""
"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.8.xml:31
msgid ""
"<command>SSSD</command> provides a set of daemons to manage access to remote "
"directories and authentication mechanisms. It provides an NSS and PAM "
"interface toward the system and a pluggable backend system to connect to "
"multiple different account sources as well as D-Bus interface. It is also "
"the basis to provide client auditing and policy services for projects like "
"FreeIPA. It provides a more robust database to store local users as well as "
"extended user data."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:46
msgid ""
"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:53
msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:57
msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:60
msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:69
msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:73
msgid ""
"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:76
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:89
msgid ""
"Send the debug output to files instead of stderr. By default, the log files "
"are stored in <filename>/var/log/sssd</filename> and there are separate log "
"files for every SSSD service and domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:94
msgid ""
"This option is deprecated. It is replaced by <option>--logger=files</option>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:101
#, fuzzy
#| msgid ""
#| "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
#| "replaceable>"
msgid "<option>--logger=</option><replaceable>value</replaceable>"
msgstr ""
"<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</"
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:105
msgid ""
"Location where SSSD will send log messages. This option overrides the value "
"of the deprecated option <option>--debug-to-files</option>. The deprecated "
"option will still work if the <option>--logger</option> is not used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:112
msgid ""
"<emphasis>stderr</emphasis>: Redirect debug messages to standard error "
"output."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:116
msgid ""
"<emphasis>files</emphasis>: Redirect debug messages to the log files. By "
"default, the log files are stored in <filename>/var/log/sssd</filename> and "
"there are separate log files for every SSSD service and domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:122
msgid ""
"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:132
msgid "<option>-D</option>,<option>--daemon</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:136
msgid "Become a daemon after starting up."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:142 sss_seed.8.xml:136
msgid "<option>-i</option>,<option>--interactive</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:146
msgid "Run in the foreground, don't become a daemon."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:152
msgid "<option>-c</option>,<option>--config</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:156
msgid ""
"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
"conf</filename>. For reference on the config file syntax and options, "
"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:170
msgid "<option>--version</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:174
msgid "Print version number and exit."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.8.xml:182
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:185
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:188
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:194
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:197
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
"like logrotate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:205
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:208
msgid ""
"Tells the SSSD to simulate offline operation for the duration of the "
"<quote>offline_timeout</quote> parameter. This is useful for testing. The "
"signal can be sent to either the sssd process or any sssd_be process "
"directly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:217
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:220
msgid ""
"Tells the SSSD to go online immediately. This is useful for testing. The "
"signal can be sent to either the sssd process or any sssd_be process "
"directly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.8.xml:232
msgid ""
"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
"applications will not use the fast in memory cache."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_obfuscate.8.xml:16
msgid "obfuscate a clear text password"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_obfuscate.8.xml:21
msgid ""
"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
"replaceable></arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:32
msgid ""
"<command>sss_obfuscate</command> converts a given password into human-"
"unreadable format and places it into appropriate domain section of the SSSD "
"config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:37
msgid ""
"The cleartext password is read from standard input or entered "
"interactively. The obfuscated password is put into "
"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
"<quote>ldap_default_authtok_type</quote> parameter is set to "
"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more details on these parameters."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:49
msgid ""
"Please note that obfuscating the password provides <emphasis>no real "
"security benefit</emphasis> as it is still possible for an attacker to "
"reverse-engineer the password back. Using better authentication mechanisms "
"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
"advised."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_obfuscate.8.xml:63
msgid "<option>-s</option>,<option>--stdin</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:67
msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:79
msgid ""
"The SSSD domain to use the password in. The default name is <quote>default</"
"quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_obfuscate.8.xml:86
msgid ""
"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:91
msgid "Read the config file specified by the positional parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:95
msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_override.8.xml:10 sss_override.8.xml:15
msgid "sss_override"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_override.8.xml:16
msgid "create local overrides of user and group attributes"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_override.8.xml:21
msgid ""
"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
"arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:32
msgid ""
"<command>sss_override</command> enables to create a client-side view and "
"allows to change selected values of specific user and groups. This change "
"takes effect only on local machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
"local overrides are lost. Please note that after the first override is "
"created using any of the following <emphasis>user-add</emphasis>, "
"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
"take effect. <emphasis>sss_override</emphasis> prints message when a "
"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_override.8.xml:50 sssctl.8.xml:41
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
"<emphasis>gid</emphasis> to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:72
msgid ""
"Override attributes of an user. Please be aware that calling this command "
"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:85
msgid ""
"Remove user overrides. However be aware that overridden attributes might be "
"returned from memory cache. Please see SSSD option "
"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_override.8.xml:94
msgid ""
"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
"optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:99
msgid ""
"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
"is set, only users from the domain are listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_override.8.xml:107
msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:112
msgid "Show user overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:128
msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
"value simply by leaving corresponding field empty."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:143
msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
"optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:169
msgid ""
"Override attributes of a group. Please be aware that calling this command "
"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:182
msgid ""
"Remove group overrides. However be aware that overridden attributes might be "
"returned from memory cache. Please see SSSD option "
"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_override.8.xml:191
msgid ""
"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
"optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:196
msgid ""
"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
"parameter is set, only groups from the domain are listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_override.8.xml:204
msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:209
msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
"value simply by leaving corresponding field empty."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_override.8.xml:261 sssctl.8.xml:50
msgid "COMMON OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:263 sssctl.8.xml:52
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_override.8.xml:268 sssctl.8.xml:57
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
msgid "sss_useradd"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_useradd.8.xml:16
msgid "create a new user"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_useradd.8.xml:21
msgid ""
"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
"arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_useradd.8.xml:32
msgid ""
"<command>sss_useradd</command> creates a new user account using the values "
"specified on the command line plus the default values from the system."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:43 sss_seed.8.xml:76
msgid ""
"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:48
msgid ""
"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
"not given, it is chosen automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid ""
"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid ""
"Any text string describing the user. Often used as the field for the user's "
"full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid ""
"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:72
msgid ""
"The home directory of the user account. The default is to append the "
"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
"that as the home directory. The base that is prepended before "
"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
"baseDirectory</quote> setting in sssd.conf."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid ""
"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:87
msgid ""
"The user's login shell. The default is currently <filename>/bin/bash</"
"filename>. The default can be changed with <quote>user_defaults/"
"defaultShell</quote> setting in sssd.conf."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:96
msgid ""
"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:101
msgid "A list of existing groups this user is also a member of."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:107
msgid "<option>-m</option>,<option>--create-home</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:111
msgid ""
"Create the user's home directory if it does not exist. The files and "
"directories contained in the skeleton directory (which can be defined with "
"the -k option or in the config file) will be copied to the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:121
msgid "<option>-M</option>,<option>--no-create-home</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:125
msgid ""
"Do not create the user's home directory. Overrides configuration settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:132
msgid ""
"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:137
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
"<command>sss_useradd</command>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:143
msgid ""
"Special files (block devices, character devices, named pipes and unix "
"sockets) will not be copied."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:147
msgid ""
"This option is only valid if the <option>-m</option> (or <option>--create-"
"home</option>) option is specified, or creation of home directories is set "
"to TRUE in the configuration."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:156 sss_usermod.8.xml:124
msgid ""
"<option>-Z</option>,<option>--selinux-user</option> "
"<replaceable>SELINUX_USER</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:161
msgid ""
"The SELinux user for the user's login. If not specified, the system default "
"will be used."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
msgid "sssd-krb5"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-krb5.5.xml:17
msgid "SSSD Kerberos provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
"This manual page describes the configuration of the Kerberos 5 "
"authentication backend for <citerefentry> <refentrytitle>sssd</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed "
"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:36
msgid ""
"The Kerberos 5 authentication backend contains auth and chpass providers. It "
"must be paired with an identity provider in order to function properly (for "
"example, id_provider = ldap). Some information required by the Kerberos 5 "
"authentication backend must be provided by the identity provider, such as "
"the user's Kerberos Principal Name (UPN). The configuration of the identity "
"provider should have an entry to specify the UPN. Please refer to the man "
"page for the applicable identity provider for details on how to configure "
"this."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:47
msgid ""
"This backend also provides access control based on the .k5login file in the "
"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
"Please note that an empty .k5login file will deny all access to this user. "
"To activate this feature, use 'access_provider = krb5' in your SSSD "
"configuration."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:55
msgid ""
"In the case where the UPN is not available in the identity backend, "
"<command>sssd</command> will construct a UPN using the format "
"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect, in the order of preference. "
"For more information on failover and server redundancy, see the "
"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
"colon) may be appended to the addresses or hostnames. If empty, service "
"discovery is enabled; for more information, refer to the <quote>SERVICE "
"DISCOVERY</quote> section."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:106
msgid ""
"The name of the Kerberos realm. This option is required and must be "
"specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:113
msgid "krb5_kpasswd, krb5_backup_kpasswd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:116
msgid ""
"If the change password service is not running on the KDC, alternative "
"servers can be defined here. An optional port number (preceded by a colon) "
"may be appended to the addresses or hostnames."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:122
msgid ""
"For more information on failover and server redundancy, see the "
"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd "
"servers to try, the backend is not switched to operate offline if "
"authentication against the KDC is still possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:129
msgid "Default: Use the KDC"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:135
msgid "krb5_ccachedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
"krb5_ccname_template can be used here, too, except %d and %P. The directory "
"is created as private and owned by the user, with permissions set to 0700."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:173
msgid "%p"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:178
msgid "%r"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:182
msgid "%h"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:188
msgid "value of krb5_ccachedir"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:193 include/override_homedir.xml:31
msgid "%P"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:199 include/override_homedir.xml:49
msgid "%%"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:200 include/override_homedir.xml:50
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:154
msgid ""
"Location of the user's credential cache. Three credential cache types are "
"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
"<quote>KEYRING:persistent</quote>. The cache can be specified either as "
"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which "
"implies the <quote>FILE</quote> type. In the template, the following "
"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If "
"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique "
"filename in a safe way."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
"credentials on a per-UID basis. This is also the recommended choice, as it "
"is the most secure and predictable method."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
"section. The option name is default_ccache_name. See krb5.conf(5)'s "
"PARAMETER EXPANSION paragraph for additional information on the expansion "
"format defined by krb5.conf."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:225
msgid ""
"NOTE: Please be aware that libkrb5 ccache expansion template from "
"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> uses different expansion sequences than SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:234
msgid "Default: (from libkrb5)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:240
msgid "krb5_auth_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:243
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
"offline."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:254
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:257
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
"with a matching realm is used for validation. If no entry matches the realm, "
"the last entry in the keytab is used. This process can be used to validate "
"environments using cross-realm trust by placing the appropriate keytab entry "
"as the last entry or the only entry in the keytab file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:272
msgid "krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:275
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:279
msgid "Default: /etc/krb5.keytab"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:285
msgid "krb5_store_password_if_offline (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:288
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:293
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
"by the root user (with difficulty)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:306
msgid "krb5_renewable_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:309
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<emphasis>s</emphasis> for seconds"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<emphasis>m</emphasis> for minutes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<emphasis>h</emphasis> for hours"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<emphasis>d</emphasis> for days."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:335
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:341
msgid "krb5_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:344
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:360
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:364
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:369
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:376
msgid "krb5_renew_interval (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:379
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
"immediately followed by a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:406
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:416
msgid "krb5_use_fast (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:419
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:424
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:428
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:433
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:438
msgid "Default: not set, i.e. FAST is not used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:441
msgid "NOTE: a keytab is required to use FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:444
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
"configuration error."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:453
msgid "krb5_fast_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:456
msgid "Specifies the server principal to use for FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:465
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:514
msgid "Default: false (AD provider: true)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:517
msgid ""
"The IPA provider will set to option to 'true' if it detects that the server "
"is capable of handling enterprise principals and the option is not set "
"explicitly in the config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:526
msgid "krb5_map_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:529
msgid ""
"The list of mappings is given as a comma-separated list of pairs "
"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user "
"name and <quote>primary</quote> is a user part of a kerberos principal. This "
"mapping is used when user is authenticating using <quote>auth_provider = "
"krb5</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-krb5.5.xml:541
#, no-wrap
msgid ""
"krb5_realm = REALM\n"
"krb5_map_user = joe:juser,dick:richard\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:546
msgid ""
"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and "
"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos "
"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will "
"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</"
"quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:65
msgid ""
"If the auth-module krb5 is used in an SSSD domain, the following options "
"must be used. See the <citerefentry> <refentrytitle>sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section "
"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD "
"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:572
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
"example shows only configuration of Kerberos authentication; it does not "
"include any identity provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-krb5.5.xml:580
#, no-wrap
msgid ""
"[domain/FOO]\n"
"auth_provider = krb5\n"
"krb5_server = 192.168.1.1\n"
"krb5_realm = EXAMPLE.COM\n"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
msgid "sss_groupadd"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupadd.8.xml:16
msgid "create a new group"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupadd.8.xml:21
msgid ""
"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
"arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupadd.8.xml:32
msgid ""
"<command>sss_groupadd</command> creates a new group. These groups are "
"compatible with POSIX groups, with the additional feature that they can "
"contain other groups as members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupadd.8.xml:43 sss_seed.8.xml:88
msgid ""
"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupadd.8.xml:48
msgid ""
"Set the GID of the group to the value of <replaceable>GID</replaceable>. If "
"not given, it is chosen automatically."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
msgid "sss_userdel"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_userdel.8.xml:16
msgid "delete a user account"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_userdel.8.xml:21
msgid ""
"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
"arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_userdel.8.xml:32
msgid ""
"<command>sss_userdel</command> deletes a user identified by login name "
"<replaceable>LOGIN</replaceable> from the system."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:44
msgid "<option>-r</option>,<option>--remove</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:48
msgid ""
"Files in the user's home directory will be removed along with the home "
"directory itself and the user's mail spool. Overrides the configuration."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:56
msgid "<option>-R</option>,<option>--no-remove</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:60
msgid ""
"Files in the user's home directory will NOT be removed along with the home "
"directory itself and the user's mail spool. Overrides the configuration."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:68
msgid "<option>-f</option>,<option>--force</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:72
msgid ""
"This option forces <command>sss_userdel</command> to remove the user's home "
"directory and mail spool, even if they are not owned by the specified user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:80
msgid "<option>-k</option>,<option>--kick</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:84
msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
msgid "sss_groupdel"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupdel.8.xml:16
msgid "delete a group"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupdel.8.xml:21
msgid ""
"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
"arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupdel.8.xml:32
msgid ""
"<command>sss_groupdel</command> deletes a group identified by its name "
"<replaceable>GROUP</replaceable> from the system."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
msgid "sss_groupshow"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupshow.8.xml:16
msgid "print properties of a group"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupshow.8.xml:21
msgid ""
"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
"arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupshow.8.xml:32
msgid ""
"<command>sss_groupshow</command> displays information about a group "
"identified by its name <replaceable>GROUP</replaceable>. The information "
"includes the group ID number, members of the group and the parent group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupshow.8.xml:43
msgid "<option>-R</option>,<option>--recursive</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupshow.8.xml:47
msgid ""
"Also print indirect group members in a tree-like hierarchy. Note that this "
"also affects printing parent groups - without <option>R</option>, only the "
"direct parent will be printed."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
msgid "sss_usermod"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_usermod.8.xml:16
msgid "modify a user account"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_usermod.8.xml:21
msgid ""
"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
"arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_usermod.8.xml:32
msgid ""
"<command>sss_usermod</command> modifies the account specified by "
"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
"on the command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:60
msgid "The home directory of the user account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:71
msgid "The user's login shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:82
msgid ""
"Append this user to groups specified by the <replaceable>GROUPS</"
"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
"a comma separated list of group names."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:96
msgid ""
"Remove this user from groups specified by the <replaceable>GROUPS</"
"replaceable> parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:103
msgid "<option>-l</option>,<option>--lock</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:107
msgid "Lock the user account. The user won't be able to log in."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:114
msgid "<option>-u</option>,<option>--unlock</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:118
msgid "Unlock the user account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:129
msgid "The SELinux user for the user's login."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:135
msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:140
msgid "Add an attribute/value pair. The format is attrname=value."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:147
msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:152
msgid ""
"Set an attribute to a name/value pair. The format is attrname=value. For "
"multi-valued attributes, the command replaces the values already present"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:160
msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:165
msgid "Delete an attribute/value pair. The format is attrname=value."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_cache.8.xml:10 sss_cache.8.xml:15
msgid "sss_cache"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_cache.8.xml:16
msgid "perform cache cleanup"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_cache.8.xml:21
msgid ""
"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_cache.8.xml:31
msgid ""
"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated "
"records are forced to be reloaded from server as soon as related SSSD "
"backend is online. Options that invalidate a single object only accept a "
"single provided argument."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:43
msgid "<option>-E</option>,<option>--everything</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:47
msgid "Invalidate all cached entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:53
msgid ""
"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:58
msgid "Invalidate specific user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:64
msgid "<option>-U</option>,<option>--users</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:68
msgid ""
"Invalidate all user records. This option overrides invalidation of specific "
"user if it was also set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:75
msgid ""
"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:80
msgid "Invalidate specific group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:86
msgid "<option>-G</option>,<option>--groups</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:90
msgid ""
"Invalidate all group records. This option overrides invalidation of specific "
"group if it was also set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:97
msgid ""
"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:102
msgid "Invalidate specific netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
msgid "<option>-N</option>,<option>--netgroups</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:112
msgid ""
"Invalidate all netgroup records. This option overrides invalidation of "
"specific netgroup if it was also set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:119
msgid ""
"<option>-s</option>,<option>--service</option> <replaceable>service</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:124
msgid "Invalidate specific service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:130
msgid "<option>-S</option>,<option>--services</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:134
msgid ""
"Invalidate all service records. This option overrides invalidation of "
"specific service if it was also set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:141
msgid ""
"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:146
msgid "Invalidate specific autofs maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:152
msgid "<option>-A</option>,<option>--autofs-maps</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:156
msgid ""
"Invalidate all autofs maps. This option overrides invalidation of specific "
"map if it was also set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:163
msgid ""
"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:168
msgid "Invalidate SSH public keys of a specific host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:174
msgid "<option>-H</option>,<option>--ssh-hosts</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:178
msgid ""
"Invalidate SSH public keys of all hosts. This option overrides invalidation "
"of SSH public keys of specific host if it was also set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:186
msgid ""
"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:191
msgid "Invalidate particular sudo rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:197
msgid "<option>-R</option>,<option>--sudo-rules</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:201
msgid ""
"Invalidate all cached sudo rules. This option overrides invalidation of "
"specific sudo rule if it was also set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:209
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:214
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
msgid "sss_debuglevel"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_debuglevel.8.xml:16
msgid "[DEPRECATED] change debug level while SSSD is running"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_debuglevel.8.xml:21
msgid ""
"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
"replaceable></arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_debuglevel.8.xml:32
msgid ""
"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
"debug-level command. Please refer to the <command>sssctl</command> man page "
"for more information on sssctl usage."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_seed.8.xml:10 sss_seed.8.xml:15
msgid "sss_seed"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_seed.8.xml:16
msgid "seed the SSSD cache with a user"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_seed.8.xml:21
msgid ""
"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</"
"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></"
"arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_seed.8.xml:33
msgid ""
"<command>sss_seed</command> seeds the SSSD cache with a user entry and "
"temporary password. If a user entry is already present in the SSSD cache "
"then the entry is updated with the temporary password."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_seed.8.xml:46
msgid ""
"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:51
msgid ""
"Provide the name of the domain in which the user is a member of. The domain "
"is also used to retrieve user information. The domain must be configured in "
"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. "
"Information retrieved from the domain overrides what is provided in the "
"options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_seed.8.xml:63
msgid ""
"<option>-n</option>,<option>--username</option> <replaceable>USER</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:68
msgid ""
"The username of the entry to be created or modified in the cache. The "
"<replaceable>USER</replaceable> option must be provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:81
msgid "Set the UID of the user to <replaceable>UID</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:93
msgid "Set the GID of the user to <replaceable>GID</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:117
msgid ""
"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:129
msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:140
msgid ""
"Interactive mode for entering user information. This option will only prompt "
"for information not provided in the options or retrieved from the domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_seed.8.xml:148
msgid ""
"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:153
msgid ""
"Specify file to read user's password from. (if not specified password is "
"prompted for)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_seed.8.xml:165
msgid ""
"The length of the password (or the size of file specified with -p or --"
"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes "
"on systems with no globally-defined PASS_MAX value)."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
msgid "sssd-ifp"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-ifp.5.xml:17
msgid "SSSD InfoPipe responder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ifp.5.xml:23
msgid ""
"This manual page describes the configuration of the InfoPipe responder for "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ifp.5.xml:36
msgid ""
"The InfoPipe responder provides a public D-Bus interface accessible over the "
"system bus. The interface allows the user to query information about remote "
"users and groups over the system bus."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ifp.5.xml:46
msgid "These options can be used to configure the InfoPipe responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:53
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:59
msgid ""
"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:63
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
"access the InfoPipe responder, which would be the typical case, you have to "
"add 0 to the list of allowed UIDs as well."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:77
msgid "Specifies the comma-separated list of white or blacklisted attributes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:91
msgid "name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:92
msgid "user's login name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:95
msgid "uidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:96
msgid "user ID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:99
msgid "gidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:100
msgid "primary group ID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:103
msgid "gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:104
msgid "user information, typically full name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:107
msgid "homeDirectory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:111
msgid "loginShell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:112
msgid "user shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:81
msgid ""
"By default, the InfoPipe responder only allows the default set of POSIX "
"attributes to be requested. This set is the same as returned by "
"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-ifp.5.xml:125
#, no-wrap
msgid ""
"user_attributes = +telephoneNumber, -loginShell\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:117
msgid ""
"It is possible to add another attribute to this set by using <quote>"
"+attr_name</quote> or explicitly remove an attribute using <quote>-"
"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
"deny <quote>loginShell</quote>, you would use the following configuration: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:129
msgid "Default: not set. Only the default set of POSIX attributes is allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:139
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup that overrides caller-supplied limit."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:144
msgid "Default: 0 (let the caller set an upper limit)"
msgstr ""
#. type: Content of: <reference><refentry><refentryinfo>
#: sss_rpcidmapd.5.xml:8
msgid ""
"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</"
"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data "
"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </"
"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> "
"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </"
"author>"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32
msgid "sss_rpcidmapd"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_rpcidmapd.5.xml:33
msgid "sss plugin configuration directives for rpc.idmapd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_rpcidmapd.5.xml:37
msgid "CONFIGURATION FILE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:39
msgid ""
"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd."
"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_rpcidmapd.5.xml:49
msgid "SSS CONFIGURATION EXTENSION"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sss_rpcidmapd.5.xml:51
msgid "Enable SSS plugin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss_rpcidmapd.5.xml:53
msgid ""
"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> "
"attribute to contain <emphasis>sss</emphasis>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sss_rpcidmapd.5.xml:59
msgid "[sss] config section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss_rpcidmapd.5.xml:61
msgid ""
"In order to change the default of one of the configuration attributes of the "
"<emphasis>sss</emphasis> plugin listed below you will need to create a "
"config section for it, named <quote>[sss]</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
#: sss_rpcidmapd.5.xml:67
msgid "Configuration attributes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sss_rpcidmapd.5.xml:69
msgid "memcache (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sss_rpcidmapd.5.xml:72
msgid "Indicates whether or not to use memcache optimisation technique."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_rpcidmapd.5.xml:85
msgid "SSSD INTEGRATION"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:87
msgid ""
"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled "
"in sssd."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:91
msgid ""
"The attribute <quote>use_fully_qualified_names</quote> must be enabled on "
"all domains (NFSv4 clients expect a fully qualified name to be sent on the "
"wire)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_rpcidmapd.5.xml:103
#, no-wrap
msgid ""
"[General]\n"
"Verbosity = 2\n"
"# domain must be synced between NFSv4 server and clients\n"
"# Solaris/Illumos/AIX use \"localdomain\" as default!\n"
"Domain = default\n"
"\n"
"[Mapping]\n"
"Nobody-User = nfsnobody\n"
"Nobody-Group = nfsnobody\n"
"\n"
"[Translation]\n"
"Method = sss\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:100
msgid ""
"The following example shows a minimal idmapd.conf which makes use of the sss "
"plugin. <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <refsect1><title>
msgid "SEE ALSO"
msgstr "ZIE OOK"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:122
msgid ""
"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry>"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
msgid "sss_ssh_authorizedkeys"
msgstr ""
#. type: Content of: <reference><refentry><refmeta><manvolnum>
msgid "1"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "get OpenSSH authorized keys"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
msgid ""
"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
"<replaceable>options</replaceable> </arg> <arg "
"choice='plain'><replaceable>USER</replaceable></arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> for more information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
" AuthorizedKeysCommandUser nobody\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use it by putting the following "
"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
"\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
msgid "sss_ssh_knownhostsproxy"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "get OpenSSH host keys"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
msgid ""
"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
"<replaceable>options</replaceable> </arg> <arg "
"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/"
"pubconf/known_hosts</filename> and establishes the connection to the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
"create the connection to the host instead of opening a socket."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#, no-wrap
msgid ""
"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
"command> for host key authentication by using the following directives for "
"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid ""
"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid ""
"Use port <replaceable>PORT</replaceable> to connect to the host. By "
"default, port 22 is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid ""
"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: idmap_sss.8.xml:10 idmap_sss.8.xml:15
msgid "idmap_sss"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: idmap_sss.8.xml:16
msgid "SSSD's idmap_sss Backend for Winbind"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: idmap_sss.8.xml:22
msgid ""
"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. "
"No database is required in this case as the mapping is done by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: idmap_sss.8.xml:29
msgid "IDMAP OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: idmap_sss.8.xml:33
msgid "range = low - high"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: idmap_sss.8.xml:35
msgid ""
"Defines the available matching UID and GID range for which the backend is "
"authoritative."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: idmap_sss.8.xml:45
msgid ""
"This example shows how to configure idmap_sss as the default mapping module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><programlisting>
#: idmap_sss.8.xml:50
#, no-wrap
msgid ""
"[global]\n"
"security = domain\n"
"workgroup = MAIN\n"
"\n"
"idmap config * : backend = sss\n"
"idmap config * : range = 200000-2147483647\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssctl.8.xml:10 sssctl.8.xml:15
msgid "sssctl"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssctl.8.xml:16
msgid "SSSD control and status utility"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sssctl.8.xml:21
msgid ""
"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</"
"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
"arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssctl.8.xml:32
msgid ""
"<command>sssctl</command> provides a simple and unified way to obtain "
"information about SSSD status, such as active server, auto-discovered "
"servers, domains and cached objects. In addition, it can manage SSSD data "
"files for troubleshooting in such a way that is safe to manipulate while "
"SSSD is running."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssctl.8.xml:43
msgid ""
"To list all available commands run <command>sssctl</command> without any "
"parameters. To print help for selected command run <command>sssctl COMMAND --"
"help</command>."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-files.5.xml:10 sssd-files.5.xml:16
msgid "sssd-files"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-files.5.xml:17
msgid "SSSD files provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-files.5.xml:23
msgid ""
"This manual page describes the files provider for <citerefentry> "
"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-files.5.xml:36
msgid ""
"The files provider mirrors the content of the <citerefentry> "
"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files "
"provider is to make the users and groups traditionally only accessible with "
"NSS interfaces also available through the SSSD interfaces such as "
"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-files.5.xml:59
msgid ""
"The files provider has no specific options of its own, however, generic SSSD "
"domain options can be set where applicable. Refer to the section "
"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
"for details on the configuration of an SSSD domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-files.5.xml:73
msgid ""
"The following example assumes that SSSD is correctly configured and files is "
"one of the domains in the <replaceable>[sssd]</replaceable> section."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-files.5.xml:79
#, no-wrap
msgid ""
"[domain/files]\n"
"id_provider = files\n"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-secrets.5.xml:10 sssd-secrets.5.xml:16
msgid "sssd-secrets"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-secrets.5.xml:17
msgid "SSSD Secrets responder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:23
msgid ""
"This manual page describes the configuration of the Secrets responder for "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:36
msgid ""
"Many system and user applications need to store private information such as "
"passwords or service keys and have no good way to properly deal with them. "
"The simple approach is to embed these <quote>secrets</quote> into "
"configuration files potentially ending up exposing sensitive key material to "
"backups, config management system and in general making it harder to secure "
"data."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:45
msgid ""
"The <ulink url=\"https://github.com/latchset/custodia\">custodia</ulink> "
"project was born to deal with this problem in cloud like environments, but "
"we found the idea compelling even at a single system level. As a security "
"service, SSSD is ideal to host this capability while offering the same API "
"via a UNIX Socket. This will make it possible to use local calls and have "
"them transparently routed to a local or a remote key management store like "
"IPA Vault for storage, escrow and recovery."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:55
msgid ""
"The secrets are simple key-value pairs. Each user's secrets are namespaced "
"using their user ID, which means the secrets will never collide between "
"users. Secrets can be stored inside <quote>containers</quote> which can be "
"nested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:69
msgid "secrets"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:70
msgid "secrets for general usage"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:73
msgid "kcm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:75
msgid ""
"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:61
msgid ""
"Since the secrets responder can be used both externally to store general "
"secrets, as described in the rest of this man page, but also internally by "
"other SSSD components to store their secret material, some configuration "
"options, like quotas can be configured per <quote>hive</quote> in a "
"configuration subsection named after the hive. The currently supported hives "
"are: <placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-secrets.5.xml:89
msgid "USING THE SECRETS RESPONDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:91
msgid ""
"The UNIX socket the SSSD responder listens on is located at <filename>/var/"
"run/secrets.socket</filename>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-secrets.5.xml:110
#, no-wrap
msgid ""
"systemctl start sssd-secrets.socket\n"
"systemctl enable sssd-secrets.socket\n"
"systemctl enable sssd-secrets.service\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:95
msgid ""
"The secrets responder is socket-activated by <citerefentry> "
"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
"citerefentry>. Unlike other SSSD responders, it cannot be started by adding "
"the <quote>secrets</quote> string to the <quote>service</quote> directive. "
"The systemd socket unit is called <quote>sssd-secrets.socket</quote> and the "
"corresponding service file is called <quote>sssd-secrets.service</quote>. In "
"order for the service to be socket-activated, make sure the socket is "
"enabled and active and the service is enabled: <placeholder type="
"\"programlisting\" id=\"0\"/> Please note your distribution may already "
"configure the units for you."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:122
msgid ""
"The generic SSSD responder options such as <quote>debug_level</quote> or "
"<quote>fd_limit</quote> are accepted by the secrets responder. Please refer "
"to the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for a complete list. In addition, "
"there are some secrets-specific options as well."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:132
msgid ""
"The secrets responder is configured with a global <quote>[secrets]</quote> "
"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
"in <filename>sssd.conf</filename>. Please note that some options, notably as "
"the provider type, can only be specified in the per-user subsections."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:141
msgid "provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:157
msgid "local"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:160
msgid ""
"The secrets are stored in a local database, encrypted at rest with a master "
"key. The local provider does not have any additional config options at the "
"moment."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:168
msgid "proxy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:171
msgid ""
"The secrets responder forwards the requests to a Custodia server. The proxy "
"provider supports several additional options (see below)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:144
msgid ""
"This option specifies where should the secrets be stored. The secrets "
"responder can configure a per-user subsections (e.g. <quote>[secrets/"
"users/123]</quote> - see bottom of this manual page for a full example using "
"Custodia for a particular user) that define which provider store the secrets "
"for this particular user. The per-user subsections should contain all "
"options for that user's provider. Please note that currently the global "
"provider is always local, the proxy provider can only be specified in a per-"
"user section. The following providers are supported: <placeholder type="
"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:180
msgid "Default: local"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:186
msgid ""
"The following options affect only the secrets <quote>hive</quote> and "
"therefore should be set in a per-hive subsection. Setting the option to 0 "
"means \"unlimited\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:192
msgid "containers_nest_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:195
msgid "This option specifies the maximum allowed number of nested containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:199
msgid "Default: 4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:204
msgid "max_secrets (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:207
msgid ""
"This option specifies the maximum number of secrets that can be stored in "
"the hive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:211
msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:216
#, fuzzy
#| msgid "debug_level (integer)"
msgid "max_uid_secrets (integer)"
msgstr "debug_level (numeriek)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:219
msgid ""
"This option specifies the maximum number of secrets that can be stored per-"
"UID in the hive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:223
msgid "Default: 256 (secrets hive), 64 (kcm hive)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:228
msgid "max_payload_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:231
msgid ""
"This option specifies the maximum payload size allowed for a secret payload "
"in kilobytes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:235
msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-secrets.5.xml:244
#, no-wrap
msgid ""
"[secrets/secrets]\n"
"max_payload_size = 128\n"
"\n"
"[secrets/kcm]\n"
"max_payload_size = 256\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:241
msgid ""
"For example, to adjust quotas differently for both the <quote>secrets</"
"quote> and the <quote>kcm</quote> hives, configure the following: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:252
msgid ""
"The following options are only applicable for configurations that use the "
"<quote>proxy</quote> provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:257
msgid "proxy_url (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:260
msgid ""
"The URL the Custodia server is listening on. At the moment, http and https "
"protocols are supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:267
msgid "http[s]://<host>[:port]"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:270
msgid "Example: http://localhost:8080"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:275
msgid "auth_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:278
msgid ""
"The method to use when authenticating to a Custodia server. The following "
"authentication methods are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:283
msgid "basic_auth"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:286
msgid ""
"Authenticate with a username and a password as set in the <quote>username</"
"quote> and <quote>password</quote> options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:293
msgid "header"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:296
msgid ""
"Authenticate with HTTP header value as defined in the "
"<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
"configuration options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:307
msgid "auth_header_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:310
msgid ""
"If set, the secrets responder would put a header with this name into the "
"HTTP request with the value defined in the <quote>auth_header_value</quote> "
"configuration option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:315
msgid "Example: MYSECRETNAME"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:320
msgid "auth_header_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:323
msgid ""
"The value sssd-secrets would use for the <quote>auth_header_name</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:327
msgid "Example: mysecret"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:332
msgid "forward_headers (list of strings)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:335
msgid ""
"The list of HTTP headers to forward to the Custodia server together with the "
"request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:344
msgid "verify_peer (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:347
msgid ""
"Whether peer's certificate should be verified and valid if HTTPS protocol is "
"used with the proxy provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:356
msgid "verify_host (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:359
msgid ""
"Whether peer's hostname must match with hostname in its certificate if HTTPS "
"protocol is used with the proxy provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:369
msgid "capath (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:372
msgid ""
"Path to directory containing stored certificate authority certificates. "
"System default path is used if this option is not set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:382
msgid "cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:385
msgid ""
"Path to file containing server's certificate authority certificate. If this "
"option is not set then the CA's certificate is looked up in <quote>capath</"
"quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:395
msgid "cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:398
msgid ""
"Path to file containing client's certificate if required by the server. This "
"file may also contain private key or the private key may be in separate file "
"set with <quote>key</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:409
msgid "key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:412
msgid "Path to file containing client's private key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-secrets.5.xml:422
msgid "USING THE REST API"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:424
msgid ""
"This section lists the available commands and includes examples using the "
"<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
"</citerefentry> utility. All requests towards the proxy provider must set "
"the Content Type header to <quote>application/json</quote>. In addition, the "
"local provider also supports Content Type set to <quote>application/octet-"
"stream</quote>. Secrets stored with requests that set the Content Type "
"header to <quote>application/octet-stream</quote> are base64-encoded when "
"stored and decoded when retrieved, so it's not possible to store a secret "
"with one Content Type and retrieve with another. The secret URI must begin "
"with <filename>/secrets/</filename>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:441
msgid "Listing secrets"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:444
msgid ""
"To list the available secrets, send a HTTP GET request with a trailing slash "
"appended to the container path."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-secrets.5.xml:450
#, no-wrap
msgid ""
"curl -H \"Content-Type: application/json\" \\\n"
" --unix-socket /var/run/secrets.socket \\\n"
" -XGET http://localhost/secrets/\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:458
msgid "Retrieving a secret"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:461
msgid ""
"To read a value of a single secret, send a HTTP GET request without a "
"trailing slash. The last portion of the URI is the name of the secret."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-secrets.5.xml:468
#, no-wrap
msgid ""
"curl -H \"Content-Type: application/json\" \\\n"
" --unix-socket /var/run/secrets.socket \\\n"
" -XGET http://localhost/secrets/foo\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-secrets.5.xml:473
#, no-wrap
msgid ""
"curl -H \"Content-Type: application/octet-stream\" \\\n"
" --unix-socket /var/run/secrets.socket \\\n"
" -XGET http://localhost/secrets/bar\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:466
msgid ""
"Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
"\"programlisting\" id=\"1\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:481
msgid "Setting a secret"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:484
msgid ""
"To set a secret using the <quote>application/json</quote> type, send a HTTP "
"PUT request with a JSON payload that includes type and value. The type "
"should be set to \"simple\" and the value should be set to the secret value. "
"If a secret with that name already exists, the response is a 409 HTTP error."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:492
msgid ""
"The <quote>application/json</quote> type just sends the secret as the "
"message payload."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-secrets.5.xml:501
#, no-wrap
msgid ""
"curl -H \"Content-Type: application/json\" \\\n"
" --unix-socket /var/run/secrets.socket \\\n"
" -XPUT http://localhost/secrets/foo \\\n"
" -d'{\"type\":\"simple\",\"value\":\"foosecret\"}'\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-secrets.5.xml:507
#, no-wrap
msgid ""
"curl -H \"Content-Type: application/octet-stream\" \\\n"
" --unix-socket /var/run/secrets.socket \\\n"
" -XPUT http://localhost/secrets/bar \\\n"
" -d'barsecret'\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:496
msgid ""
"The following example sets a secret named 'foo' to a value of 'foosecret' "
"and a secret named 'bar' to a value of 'barsecret' using a different Content "
"Type. <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
"\"programlisting\" id=\"1\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:516
msgid "Creating a container"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:519
msgid ""
"Containers provide an additional namespace for this user's secrets. To "
"create a container, send a HTTP POST request, whose URI ends with the "
"container name. Please note the URI must end with a trailing slash."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-secrets.5.xml:529
#, no-wrap
msgid ""
"curl -H \"Content-Type: application/json\" \\\n"
" --unix-socket /var/run/secrets.socket \\\n"
" -XPOST http://localhost/secrets/mycontainer/\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:526
msgid ""
"The following example creates a container named 'mycontainer': <placeholder "
"type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-secrets.5.xml:538
#, no-wrap
msgid ""
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:535
msgid ""
"To manipulate secrets under this container, just nest the secrets underneath "
"the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-secrets.5.xml:544
msgid "Deleting a secret or a container"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:547
msgid ""
"To delete a secret or a container, send a HTTP DELETE request with a path to "
"the secret or the container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-secrets.5.xml:553
#, no-wrap
msgid ""
"curl -H \"Content-Type: application/json\" \\\n"
" --unix-socket /var/run/secrets.socket \\\n"
" -XDELETE http://localhost/secrets/foo\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-secrets.5.xml:551
msgid ""
"The following example deletes a secret named 'foo'. <placeholder type="
"\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-secrets.5.xml:563
msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:565
msgid ""
"For testing the proxy provider, you need to set up a Custodia server to "
"proxy requests to. Please always consult the Custodia documentation, the "
"configuration directives might change with different Custodia versions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-secrets.5.xml:576
#, no-wrap
msgid ""
"[global]\n"
"server_version = \"Secret/0.0.7\"\n"
"server_url = http://localhost:8080/\n"
"auditlog = /var/log/custodia.log\n"
"debug = True\n"
"\n"
"[store:simple]\n"
"handler = custodia.store.sqlite.SqliteStore\n"
"dburi = /var/lib/custodia.db\n"
"table = secrets\n"
"\n"
"[auth:header]\n"
"handler = custodia.httpd.authenticators.SimpleHeaderAuth\n"
"header = MYSECRETNAME\n"
"value = mysecretkey\n"
"\n"
"[authz:paths]\n"
"handler = custodia.httpd.authorizers.SimplePathAuthz\n"
"paths = /secrets\n"
"\n"
"[/]\n"
"handler = custodia.root.Root\n"
"store = simple\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:570
msgid ""
"This configuration will set up a Custodia server listening on http://"
"localhost:8080, allowing anyone with header named MYSECRETNAME set to "
"mysecretkey to communicate with the Custodia server. Place the contents "
"into a file (for example, <replaceable>custodia.conf</replaceable>): "
"<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:602
msgid ""
"Then run the <replaceable>custodia</replaceable> command, pointing it at the "
"config file as a command line argument."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-secrets.5.xml:606
msgid ""
"Please note that currently it's not possible to proxy all requests globally "
"to a Custodia instance. Instead, per-user subsections for user IDs that "
"should proxy requests to Custodia must be defined. The following example "
"illustrates a configuration, where the user with UID 123 would proxy their "
"requests to Custodia, but all other user's requests would be handled by a "
"local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><programlisting>
#: sssd-secrets.5.xml:614
#, no-wrap
msgid ""
"[secrets]\n"
"\n"
"[secrets/users/123]\n"
"provider = proxy\n"
"proxy_url = http://localhost:8080/secrets/\n"
"auth_type = header\n"
"auth_header_name = MYSECRETNAME\n"
"auth_header_value = mysecretkey\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
msgid "sssd-session-recording"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "Configuring session recording with SSSD"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"This manual page describes how to configure <citerefentry> "
"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
"implement user session recording on text terminals. For a detailed "
"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"SSSD can be set up to enable recording of everything specific users see or "
"type during their sessions on text terminals. E.g. when users log in on the "
"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
"tlog-rec-session is started upon user login, so it can record according to "
"its configuration."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"For users with session recording enabled, SSSD replaces the user shell with "
"tlog-rec-session in NSS responses, and adds a variable specifying the "
"original shell to the user environment, upon PAM session setup. This way "
"tlog-rec-session can be started in place of the user shell, and know which "
"actual shell to start, once it set up the recording."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#, fuzzy
#| msgid "These options can be used to configure any service."
msgid "These options can be used to configure the session recording."
msgstr "Deze opties kunnen gebruikt worden om services te configureren."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-session-recording.5.xml:146
msgid ""
"The following snippet of sssd.conf enables session recording for users "
"\"contractor1\" and \"contractor2\", and group \"students\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-session-recording.5.xml:151
#, no-wrap
msgid ""
"[session_recording]\n"
"scope = some\n"
"users = contractor1, contractor2\n"
"groups = students\n"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
msgid "sssd-kcm"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-kcm.8.xml:17
msgid "SSSD Kerberos Cache Manager"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-kcm.8.xml:23
msgid ""
"This manual page describes the configuration of the SSSD Kerberos Cache "
"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos "
"credential caches. It originates in the Heimdal Kerberos project, although "
"the MIT Kerberos library also provides client side (more details on that "
"below) support for the KCM credential cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-kcm.8.xml:31
msgid ""
"In a setup where Kerberos caches are managed by KCM, the Kerberos library "
"(typically used through an application, like e.g., <citerefentry> "
"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </"
"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is "
"being referred to as a <quote>\"KCM server\"</quote>. The client and server "
"communicate over a UNIX socket."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-kcm.8.xml:42
msgid ""
"The KCM server keeps track of each credential caches's owner and performs "
"access check control based on the UID and GID of the KCM client. The root "
"user has access to all credential caches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-kcm.8.xml:47
msgid "The KCM credential cache has several interesting properties:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-kcm.8.xml:51
msgid ""
"since the process runs in userspace, it is subject to UID namespacing, "
"unlike the kernel keyring"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-kcm.8.xml:56
msgid ""
"unlike the kernel keyring-based cache, which is shared between all "
"containers, the KCM server is a separate process whose entry point is a UNIX "
"socket"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-kcm.8.xml:61
msgid ""
"the SSSD implementation stores the ccaches in the SSSD <citerefentry> "
"<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </"
"citerefentry> secrets store, allowing the ccaches to survive KCM server "
"restarts or machine reboots."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-kcm.8.xml:69
msgid ""
"This allows the system to use a collection-aware credential cache, yet share "
"the credential cache between some or no containers by bind-mounting the "
"socket."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-kcm.8.xml:76
msgid "USING THE KCM CREDENTIAL CACHE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-kcm.8.xml:86
#, no-wrap
msgid ""
"[libdefaults]\n"
" default_ccache_name = KCM:\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-kcm.8.xml:78
msgid ""
"In order to use KCM credential cache, it must be selected as the default "
"credential type in <citerefentry> <refentrytitle>krb5.conf</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials "
"cache name must be only <quote>KCM:</quote> without any template "
"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-kcm.8.xml:91
msgid ""
"Next, make sure the Kerberos client libraries and the KCM server must agree "
"on the UNIX socket path. By default, both use the same path <replaceable>/"
"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos "
"library, change its <quote>kcm_socket</quote> option which is described in "
"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry> manual page."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-kcm.8.xml:113
#, no-wrap
msgid ""
"systemctl start sssd-kcm.socket\n"
"systemctl enable sssd-kcm.socket\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-kcm.8.xml:102
msgid ""
"Finally, make sure the SSSD KCM server can be contacted. The KCM service is "
"typically socket-activated by <citerefentry> <refentrytitle>systemd</"
"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD "
"services, it cannot be started by adding the <quote>kcm</quote> string to "
"the <quote>service</quote> directive. <placeholder type=\"programlisting\" "
"id=\"0\"/> Please note your distribution may already configure the units for "
"you."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-kcm.8.xml:122
msgid "THE CREDENTIAL CACHE STORAGE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-kcm.8.xml:131
#, no-wrap
msgid ""
"systemctl start sssd-secrets.socket\n"
"systemctl enable sssd-secrets.socket\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-kcm.8.xml:124
msgid ""
"The credential caches are stored in the SSSD secrets service (see "
"<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry> for more details). Therefore it is important that "
"also the sssd-secrets service is enabled and its socket is started: "
"<placeholder type=\"programlisting\" id=\"0\"/> Your distribution should "
"already set the dependencies between the services."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-kcm.8.xml:141
msgid ""
"The KCM service is configured in the <quote>kcm</quote> section of the sssd."
"conf file. Please note that currently, is it not sufficient to restart the "
"sssd-kcm service, because the sssd configuration is only parsed and read to "
"an internal configuration database by the sssd service. Therefore you must "
"restart the sssd service if you change anything in the <quote>kcm</quote> "
"section of sssd.conf. For a detailed syntax reference, refer to the "
"<quote>FILE FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd."
"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-kcm.8.xml:155
msgid ""
"The generic SSSD service options such as <quote>debug_level</quote> or "
"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to "
"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for a complete list. In addition, "
"there are some KCM-specific options as well."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-kcm.8.xml:166
msgid "socket_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-kcm.8.xml:169
msgid "The socket the KCM service will listen on."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-kcm.8.xml:172
msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-kcm.8.xml:182
msgid ""
"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
msgid "sssd-systemtap"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-systemtap.5.xml:17
msgid "SSSD systemtap information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-systemtap.5.xml:23
msgid ""
"This manual page provides information about the systemtap functionality in "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-systemtap.5.xml:32
msgid ""
"SystemTap Probe points have been added into various locations in SSSD code "
"to assist in troubleshooting and analyzing performance related issues."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-systemtap.5.xml:40
msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-systemtap.5.xml:46
msgid ""
"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
"respectively."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-systemtap.5.xml:57
msgid "PROBE POINTS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
msgid ""
"The information below lists the probe points and arguments available in the "
"following format:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:64
msgid "probe $name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:67
msgid "Description of probe point"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
#: sssd-systemtap.5.xml:70
#, no-wrap
msgid ""
"variable1:datatype\n"
"variable2:datatype\n"
"variable3:datatype\n"
"...\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd-systemtap.5.xml:80
msgid "Database Transaction Probes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:84
msgid "probe sssd_transaction_start"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:87
msgid ""
"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
#: sssd-systemtap.5.xml:131
#, no-wrap
msgid ""
"nesting:integer\n"
"probestr:string\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:97
msgid "probe sssd_transaction_cancel"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:100
msgid ""
"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() "
"function."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:111
msgid "probe sssd_transaction_commit_before"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:114
msgid "Probes the sysdb_transaction_commit_before() function."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:124
msgid "probe sssd_transaction_commit_after"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:127
msgid "Probes the sysdb_transaction_commit_after() function."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd-systemtap.5.xml:141
msgid "LDAP Search Probes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:145
msgid "probe sdap_search_send"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:148
msgid "Probes the sdap_get_generic_ext_send() function."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
#, no-wrap
msgid ""
"base:string\n"
"scope:integer\n"
"filter:string\n"
"probestr:string\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:160
msgid "probe sdap_search_recv"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:163
msgid "Probes the sdap_get_generic_ext_recv() function."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:175
msgid "probe sdap_deref_send"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:178
msgid "Probes the sdap_deref_search_send() function."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
#: sssd-systemtap.5.xml:182
#, no-wrap
msgid ""
"base_dn:string\n"
"deref_attr:string\n"
"probestr:string\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:189
msgid "probe sdap_deref_recv"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:192
msgid "Probes the sdap_deref_search_recv() function."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd-systemtap.5.xml:208
msgid "LDAP Account Request Probes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:212
msgid "probe sdap_acct_req_send"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:215
msgid "Probes the sdap_acct_req_send() function."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
#, no-wrap
msgid ""
"entry_type:int\n"
"filter_type:int\n"
"filter_value:string\n"
"extra_value:string\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:227
msgid "probe sdap_acct_req_recv"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:230
msgid "Probes the sdap_acct_req_recv() function."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd-systemtap.5.xml:246
msgid "LDAP User Search Probes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:250
msgid "probe sdap_search_user_send"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:253
msgid "Probes the sdap_search_user_send() function."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
#: sssd-systemtap.5.xml:293
#, no-wrap
msgid ""
"filter:string\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:262
msgid "probe sdap_search_user_recv"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:265
msgid "Probes the sdap_search_user_recv() function."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:274
msgid "probe sdap_search_user_save_begin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:277
msgid "Probes the sdap_search_user_save_begin() function."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:286
msgid "probe sdap_search_user_save_end"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:289
msgid "Probes the sdap_search_user_save_end() function."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd-systemtap.5.xml:302
msgid "Data Provider Request Probes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:306
msgid "probe dp_req_send"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:309
msgid "A Data Provider request is submitted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
#: sssd-systemtap.5.xml:312
#, no-wrap
msgid ""
"dp_req_domain:string\n"
"dp_req_name:string\n"
"dp_req_target:int\n"
"dp_req_method:int\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:320
msgid "probe dp_req_done"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:323
msgid "A Data Provider request is completed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
#: sssd-systemtap.5.xml:326
#, no-wrap
msgid ""
"dp_req_name:string\n"
"dp_req_target:int\n"
"dp_req_method:int\n"
"dp_ret:int\n"
"dp_errorstr:string\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd-systemtap.5.xml:339
msgid "MISCELLANEOUS FUNCTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:346
msgid "function acct_req_desc(entry_type)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:349
msgid "Convert entry_type to string and return string"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:354
msgid ""
"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
"filter_value, extra_value)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:358
msgid "Create probe string based on filter type"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:363
msgid "function dp_target_str(target)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:366
msgid "Convert target to string and return string"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd-systemtap.5.xml:371
msgid "function dp_method_str(target)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd-systemtap.5.xml:374
msgid "Convert method to string and return string"
msgstr ""
#. type: Content of: <refsect1><title>
msgid "SERVICE DISCOVERY"
msgstr ""
#. type: Content of: <refsect1><para>
msgid ""
"The service discovery feature allows back ends to automatically find the "
"appropriate servers to connect to using a special DNS query. This feature is "
"not supported for backup servers."
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
msgid "Configuration"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
msgid ""
"If no servers are specified, the back end automatically uses service "
"discovery to try to find a server. Optionally, the user may choose to use "
"both fixed server addresses and service discovery by inserting a special "
"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
"preference is maintained. This feature is useful if, for example, the user "
"prefers to use service discovery whenever possible, and fall back to a "
"specific server when no servers can be discovered using DNS."
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
msgid "The domain name"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
msgid ""
"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for more details."
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
msgid "The protocol"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
msgid ""
"The queries usually specify _tcp as the protocol. Exceptions are documented "
"in respective option description."
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
msgid "See Also"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
msgid ""
"For more information on the service discovery mechanism, refer to RFC 2782."
msgstr ""
#. type: Content of: <refentryinfo>
#: include/upstream.xml:2
msgid ""
"<productname>SSSD</productname> <orgname>The SSSD upstream - https://pagure."
"io/SSSD/sssd/</orgname>"
msgstr ""
#. type: Content of: outside any tag (error?)
#: include/upstream.xml:1
msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
msgstr ""
#. type: Content of: <refsect1><title>
#: include/failover.xml:2
msgid "FAILOVER"
msgstr ""
#. type: Content of: <refsect1><para>
#: include/failover.xml:4
msgid ""
"The failover feature allows back ends to automatically switch to a different "
"server if the current server fails."
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
#: include/failover.xml:8
msgid "Failover Syntax"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:10
msgid ""
"The list of servers is given as a comma-separated list; any number of spaces "
"is allowed around the comma. The servers are listed in order of preference. "
"The list can contain any number of servers."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:16
msgid ""
"For each failover-enabled config option, two variants exist: "
"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is "
"that servers in the primary list are preferred and backup servers are only "
"searched if no primary servers can be reached. If a backup server is "
"selected, a timeout of 31 seconds is set. After this timeout SSSD will "
"periodically try to reconnect to one of the primary servers. If it succeeds, "
"it will replace the current active (backup) server."
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
#: include/failover.xml:27
msgid "The Failover Mechanism"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:29
msgid ""
"The failover mechanism distinguishes between a machine and a service. The "
"back end first tries to resolve the hostname of a given machine; if this "
"resolution attempt fails, the machine is considered offline. No further "
"attempts are made to connect to this machine for any other service. If the "
"resolution attempt succeeds, the back end tries to connect to a service on "
"this machine. If the service connection attempt fails, then only this "
"particular service is considered offline and the back end automatically "
"switches over to the next service. The machine is still considered online "
"and might still be tried for another service."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:42
msgid ""
"Further connection attempts are made to machines or services marked as "
"offline after a specified period of time; this is currently hard coded to 30 "
"seconds."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:47
msgid ""
"If there are no more machines to try, the back end as a whole switches to "
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
#: include/failover.xml:53
msgid "Failover time outs and tuning"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:55
msgid ""
"Resolving a server to connect to can be as simple as running a single DNS "
"query or can involve several steps, such as finding the correct site or "
"trying out multiple host names in case some of the configured servers are "
"not reachable. The more complex scenarios can take some time and SSSD needs "
"to balance between providing enough time to finish the resolution process "
"but on the other hand, not trying for too long before falling back to "
"offline mode. If the SSSD debug logs show that the server resolution is "
"timing out before a live server is contacted, you can consider changing the "
"time outs."
msgstr ""
#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
#: include/failover.xml:76
msgid "dns_resolver_op_timeout"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: include/failover.xml:80
msgid "How long would SSSD talk to a single DNS server."
msgstr ""
#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
#: include/failover.xml:86
msgid "dns_resolver_timeout"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: include/failover.xml:90
msgid ""
"How long would SSSD try to resolve a failover service. This service "
"resolution internally might include several steps, such as resolving DNS SRV "
"queries or locating the site."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:67
msgid ""
"This section lists the available tunables. Please refer to their description "
"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:100
msgid ""
"For LDAP-based providers, the resolve operation is performed as part of an "
"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
"quote> timeout should be set to a larger value than "
"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
"value than <quote>dns_resolver_op_timeout</quote>."
msgstr ""
#. type: Content of: <refsect1><title>
msgid "ID MAPPING"
msgstr ""
#. type: Content of: <refsect1><para>
msgid ""
"The ID-mapping feature allows SSSD to act as a client of Active Directory "
"without requiring administrators to extend user attributes to support POSIX "
"attributes for user and group identifiers."
msgstr ""
#. type: Content of: <refsect1><para>
msgid ""
"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
"ignored. This is to avoid the possibility of conflicts between automatically-"
"assigned and manually-assigned values. If you need to use manually-assigned "
"values, ALL values must be manually-assigned."
msgstr ""
#. type: Content of: <refsect1><para>
msgid ""
"Please note that changing the ID mapping related configuration options will "
"cause user and group IDs to change. At the moment, SSSD does not support "
"changing IDs, so the SSSD database must be removed. Because cached passwords "
"are also stored in the database, removing the database should only be "
"performed while the authentication servers are reachable, otherwise users "
"might get locked out. In order to cache the password, an authentication must "
"be performed. It is not sufficient to use <citerefentry> "
"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
"citerefentry> to remove the database, rather the process consists of:"
msgstr ""
#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
msgid "Making sure the remote servers are reachable"
msgstr ""
#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
msgid "Stopping the SSSD service"
msgstr ""
#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
msgid "Removing the database"
msgstr ""
#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
msgid "Starting the SSSD service"
msgstr ""
#. type: Content of: <refsect1><para>
msgid ""
"Moreover, as the change of IDs might necessitate the adjustment of other "
"system properties such as file and directory ownership, it's advisable to "
"plan ahead and test the ID mapping configuration thoroughly."
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
msgid "Mapping Algorithm"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
"represent the Active Directory domain identity and the relative identifier "
"(RID) of the user or group object."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
"represents the space available to an Active Directory domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
"In order to make this slice-assignment repeatable on different client "
"machines, we select the slice based on the following algorithm:"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
"number of available slices to pick the slice."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
"it may not be possible to reproduce the same exact set of slices on other "
"machines (since the order that they are encountered will determine their "
"slice). In this situation, it is recommended to either switch to using "
"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
"configure a default domain to guarantee that at least one is always "
"consistent. See <quote>Configuration</quote> for details."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/ldap_id_mapping.xml:101
msgid ""
"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><programlisting>
#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
"ldap_schema = ad\n"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 200,000 and going up to "
"2,000,200,000. This should be sufficient for most deployments."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><title>
#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
"whereas this option controls the range of ID assignment. This is a subtle "
"distinction, but the good general advice would be to have <quote>min_id</"
"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
msgid "Default: 200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
"whereas this option controls the range of ID assignment. This is a subtle "
"distinction, but the good general advice would be to have <quote>max_id</"
"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
"complete slices as it can."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:173
msgid ""
"NOTE: The value of this option must be at least as large as the highest user "
"RID planned for use on the Active Directory server. User lookups and login "
"will fail for any user whose RID is greater than this value."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:179
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
"users with different local IDs than they previously had."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
"murmurhash algorithm described above."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
"with machines running winbind, it is recommended to also use the "
"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
"least one domain is consistently allocated to slice zero."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
#: include/ldap_id_mapping.xml:249
msgid "ldap_idmap_helper_table_size (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:252
msgid ""
"Maximal number of secondary slices that is tried when performing mapping "
"from UNIX id to SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:256
msgid ""
"Note: Additional secondary slices might be generated when SID is being "
"mapped to UNIX id and RID part of SID is out of range for secondary slices "
"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
"then no additional secondary slices are generated."
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
"POSIX IDs are available for those objects."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
"look up the SID by the name as well. To avoid collisions only the fully "
"qualified names can be used to look up Well-Known SIDs. As a result the "
"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
"names in <filename>sssd.conf</filename>."
msgstr ""
#. type: Content of: <varlistentry><term>
msgid "<option>-?</option>,<option>--help</option>"
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
msgid "Display help message and exit."
msgstr ""
#. type: Content of: <varlistentry><term>
msgid "<option>-h</option>,<option>--help</option>"
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"SSSD supports two representations for specifying the debug level. The "
"simplest is to specify a decimal value from 0-9, which represents enabling "
"that level and all lower-level debug messages. The more comprehensive option "
"is to specify a hexadecimal bitmask to enable or disable specific levels "
"(such as if you wish to suppress a level)."
msgstr ""
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:10
msgid ""
"Please note that each SSSD service logs into its own log file. Also please "
"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> "
"section only enables debugging just for the sssd process itself, not for the "
"responder or provider processes. The <quote>debug_level</quote> parameter "
"should be added to all sections that you wish to produce debug logs from."
msgstr ""
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:18
msgid ""
"In addition to changing the log level in the config file using the "
"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD "
"restart, it is also possible to change the debug level on the fly using the "
"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry> tool."
msgstr ""
#. type: Content of: <listitem><para>
msgid "Currently supported debug levels:"
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
"Anything that would prevent SSSD from starting up or causes it to cease "
"running."
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
"error that doesn't kill SSSD, but one that indicates that at least one major "
"feature is not going to work properly."
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
"error announcing that a particular request or operation has failed."
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr ""
#. type: Content of: <listitem><para>
msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
"operation functions."
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
"internal control functions."
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
"internal variables that may be interesting."
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
"tracing information."
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"To log required bitmask debug levels, simply add their numbers together as "
"shown in following examples:"
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
"in 1.7.0."
msgstr ""
#. type: Content of: <listitem><para>
msgid "<emphasis>Default</emphasis>: 0"
msgstr ""
#. type: Content of: outside any tag (error?)
msgid ""
"<emphasis> This is an experimental feature, please use https://pagure.io/"
"SSSD/sssd/ to report any issues. </emphasis>"
msgstr ""
#. type: Content of: <refsect1><title>
#: include/local.xml:2
msgid "THE LOCAL DOMAIN"
msgstr ""
#. type: Content of: <refsect1><para>
#: include/local.xml:4
msgid ""
"In order to function correctly, a domain with <quote>id_provider=local</"
"quote> must be created and the SSSD must be running."
msgstr ""
#. type: Content of: <refsect1><para>
#: include/local.xml:9
msgid ""
"The administrator might want to use the SSSD local users instead of "
"traditional UNIX users in cases where the group nesting (see <citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
"citerefentry>) is needed. The local users are also useful for testing and "
"development of the SSSD without having to deploy a full remote server. The "
"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
"local LDB storage to store users and groups."
msgstr ""
#. type: Content of: <refsect1><para>
#: include/seealso.xml:4
msgid ""
"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
"<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> "
"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> </phrase>"
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
msgstr ""
#. type: Content of: <listitem><para><programlisting>
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr ""
#. type: Content of: <listitem><para>
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
"rfc4511"
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
msgstr ""
#. type: Content of: <listitem><para>
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
"results and trigger the Range Retrieval extension in the response."
msgstr ""
#. type: Content of: <para>
msgid ""
"Please note that the automounter only reads the master map on startup, so if "
"any autofs-related changes are made to the sssd.conf, you typically also "
"need to restart the automounter daemon after restarting the SSSD."
msgstr ""
#. type: Content of: <varlistentry><term>
msgid "override_homedir (string)"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "UID number"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "domain name"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
msgid "%f"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "fully qualified user name (user@domain)"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
msgid "%l"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "The first letter of the login name."
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "UPN - User Principal Name (name@REALM)"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
msgid "%o"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "The original home directory retrieved from the identity provider."
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
msgid "%H"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "The value of configure option <emphasis>homedir_substring</emphasis>."
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
"<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><programlisting>
#, no-wrap
msgid ""
"override_homedir = /home/%u\n"
" "
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
msgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <varlistentry><term>
msgid "homedir_substring (string)"
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
msgid ""
"The value of this option will be used in the expansion of the "
"<emphasis>override_homedir</emphasis> option if the template contains the "
"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly "
"contain this template so that this option can be used to expand the home "
"directory path for each client machine (or operating system). It can be set "
"per-domain or globally in the [nss] section. A value specified in a domain "
"section will override one set in the [nss] section."
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
msgid "Default: /home"
msgstr ""
#. type: Content of: <refsect1><title>
msgid "MODIFIED DEFAULT OPTIONS"
msgstr ""
#. type: Content of: <refsect1><para>
msgid ""
"Certain option defaults do not match their respective backend provider "
"defaults, these option names and AD provider-specific defaults are listed "
"below:"
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
msgid "KRB5 Provider"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "krb5_validate = true"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "krb5_use_enterprise_principal = true"
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
msgid "LDAP Provider"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_schema = ad"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_force_upper_case_realm = true"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_id_mapping = true"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_sasl_mech = gssapi"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_referrals = false"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_account_expire_policy = ad"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_use_tokengroups = true"
msgstr ""
#. type: Content of: <refsect1><para>
msgid ""
"Certain option defaults do not match their respective backend provider "
"defaults, these option names and IPA provider-specific defaults are listed "
"below:"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "krb5_use_fast = try"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "krb5_canonicalize = true"
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
msgid "LDAP Provider - General"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_schema = ipa_v1"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_sasl_mech = GSSAPI"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_sasl_minssf = 56"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_account_expire_policy = ipa"
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
msgid "LDAP Provider - User options"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_user_member_of = memberOf"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_user_uuid = ipaUniqueID"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_user_ssh_public_key = ipaSshPubKey"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_user_auth_type = ipaUserAuthType"
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
msgid "LDAP Provider - Group options"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_group_object_class = ipaUserGroup"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_group_object_class_alt = posixGroup"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_group_member = member"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_group_uuid = ipaUniqueID"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_group_external_member = ipaExternalMember"
msgstr ""