nl.po revision 6b0f9cd2ee601121cb7fe1d9ad8ebce782aa8f39
# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR Red Hat
# This file is distributed under the same license as the sssd-docs package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
"POT-Creation-Date: 2011-01-24 13:36-0500\n"
"PO-Revision-Date: 2011-03-08 15:06+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: nl\n"
"Plural-Forms: nplurals=2; plural=(n != 1)\n"
#. type: Content of: <reference><title>
msgid "SSSD Manual pages"
msgstr "SSSD handleiding"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
msgid "sss_groupmod"
msgstr "sss_groupmod"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
msgid "8"
msgstr "8"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupmod.8.xml:16
msgid "modify a group"
msgstr "muteer een groep"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupmod.8.xml:21
msgid ""
"<command>sss_groupmod</command> <arg choice='opt'> "
"<replaceable>options</replaceable> </arg> <arg "
"choice='plain'><replaceable>GROUP</replaceable></arg>"
msgstr ""
"<command>sss_groupmod</command> <arg choice='opt'> "
"<replaceable>opties</replaceable> </arg> <arg "
"choice='plain'><replaceable>GROEP</replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><title>
msgid "DESCRIPTION"
msgstr "OMSCHRIJVING"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupmod.8.xml:32
msgid ""
"<command>sss_groupmod</command> modifies the group to reflect the changes "
"that are specified on the command line."
msgstr ""
"<command>sss_groupmod</command> muteert de groep en maakt de aanpassingen "
"die via de opdrachtregel ingegeven zijn."
#. type: Content of: <reference><refentry><refsect1><title>
msgid "OPTIONS"
msgstr "OPTIES"
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
msgid ""
"<option>-a</option>,<option>--append-group</option> "
"<replaceable>GROUPS</replaceable>"
msgstr ""
"<option>-a</option>,<option>--append-group</option> "
"<replaceable>GROEPEN</replaceable>"
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupmod.8.xml:48
msgid ""
"Append this group to groups specified by the "
"<replaceable>GROUPS</replaceable> parameter. The "
"<replaceable>GROUPS</replaceable> parameter is a comma separated list of "
"group names."
msgstr ""
"Voeg deze groep toe aan de groepen opgegeven met de "
"<replaceable>GROEPEN</replaceable> parameter. De "
"<replaceable>GROEPEN</replaceable> parameter is een kommagescheiden lijst "
"van groepnamen."
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
msgid ""
"<option>-r</option>,<option>--remove-group</option> "
"<replaceable>GROUPS</replaceable>"
msgstr ""
"<option>-r</option>,<option>--remove-group</option> "
"<replaceable>GROEPEN</replaceable>"
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupmod.8.xml:62
msgid ""
"Remove this group from groups specified by the "
"<replaceable>GROUPS</replaceable> parameter."
msgstr ""
"Verwijder deze groep uit de groepen opgegeven in de "
"<replaceable>GROEPEN</replaceable> parameter."
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_usermod.8.xml:138
msgid "SEE ALSO"
msgstr "ZIE OOK"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupmod.8.xml:74
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>."
msgstr ""
"<citerefentry> "
"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
msgid "sssd.conf"
msgstr "sssd.conf"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
msgid "5"
msgstr "5"
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
msgid "File Formats and Conventions"
msgstr "Bestandsformaten en conventies"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
msgid "the configuration file for SSSD"
msgstr "het configuratiebestand voor SSSD"
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:21
msgid "FILE FORMAT"
msgstr "BESTANDSFORMAAT"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd.conf.5.xml:29
#, no-wrap
msgid ""
" <replaceable>[section]</replaceable>\n"
" <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
" <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
" "
msgstr ""
" <replaceable>[sectie]</replaceable>\n"
" <replaceable>sleutel</replaceable> = <replaceable>waarde</replaceable>\n"
" <replaceable>sleutel2</replaceable> = <replaceable>waarde2,waarde3</replaceable>\n"
" "
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:24
msgid ""
"The file has an ini-style syntax and consists of sections and parameters. A "
"section begins with the name of the section in square brackets and continues"
" until the next section begins. An example of section with single and multi-"
"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
"Het bestand heeft een ini-stijl syntaxis en bestaat uit secties en "
"parameters. Een sectie begint met de naam van de sectie in rechte haken en "
"gaat verder totdat de volgende sectie begint. Een voorbeeld van een sectie "
"met een enkele en een meervoudige parameter: <placeholder "
"type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:36
msgid ""
"The data types used are string (no quotes needed), integer and bool (with "
"values of <quote>TRUE/FALSE</quote>)."
msgstr ""
"De datatypes gebruikt zijn tekst (geen quotes vereisd), numeriek en "
"booleaans (met de waardes <quote>TRUE/FALSE</quote>)."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:41
msgid ""
"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
"(<quote>;</quote>)"
msgstr ""
"Een regel met kommentaar begint met een hekje (<quote>#</quote>) of een "
"puntkomma (<quote>;</quote>)"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:46
msgid ""
"All sections can have an optional <replaceable>description</replaceable> "
"parameter. Its function is only as a label for the section."
msgstr ""
"Alle secties kunnen een optionele <replaceable>description</replaceable> "
"parameter bevatten. Dit fungeert slechts als label voor de sectie."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:52
msgid ""
"<filename>sssd.conf</filename> must be a regular file, owned by root and "
"only root may read from or write to the file."
msgstr ""
"<filename>sssd.conf</filename> moet een standaardbestand zijn, de eigenaar "
"moet root zijn en alleen root mag hem lezen en schrijven."
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:58
msgid "SPECIAL SECTIONS"
msgstr "SPECIALE SECTIES"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:61
msgid "The [sssd] section"
msgstr "De [sssd] sectie"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><title>
#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
msgid "Section parameters"
msgstr "Sectie parameters"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:72
msgid "config_file_version (integer)"
msgstr "config_file_version (numeriek)"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:75
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
"Geeft aan welke syntaxis de configuratie gebruikt. SSSD 0.6.0 en hoger "
"gebruiken versie 2."
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:81
msgid "services"
msgstr "diensten"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:84
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
"Kommagescheiden lijst van diensten die gestart worden als sssd zelf start."
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid "Supported services: nss, pam"
msgstr "Ondersteunde diensten: nss, pam"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:93 sssd.conf.5.xml:234
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (numeriek)"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:96 sssd.conf.5.xml:237
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
"Aantal keer dat de service moet proberen om opnieuw te verbinden indien een "
"Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:101 sssd.conf.5.xml:242
msgid "Default: 3"
msgstr "Standaard: 3"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:106
msgid "domains"
msgstr "domeinen"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:109
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried."
msgstr ""
"Een domein is een databank met gebruikersinformatie. SSSD kan meerdere "
"domeinen tegelijkertijd gebruiken, maar er moet op zijn minst één domein "
"geconfigureerd zijn, anders start SSSD niet. Deze parameter omschrijft de "
"lijst van domeinen in de volgorde die SSSD ze moet aflopen."
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:119
msgid "re_expression (string)"
msgstr "re_expression (tekst)"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:122
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
msgstr ""
"Reguliere expressie die omschrijft hoe de tekst die de gebruikers- en "
"domeinnaam verwerkt moeten worden."
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:126
msgid ""
"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
"sign, the domain everything after that\""
msgstr ""
"Standaard: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> "
"wat zich vertaalt tot \"de gebruikersnaam is alles tot <quote>@</quote> , "
"het domein alles daarna\""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:131
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
"version 7 or higher can support non-unique named subpatterns."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:138
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax "
"(?P<name>) to label subpatterns."
msgstr ""
"MER OOK OP: oudere versies van libpcre ondersteunen alleen de Pyton syntaxis"
" (?P<name>) om subpatronen aan te geven."
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:145
msgid "full_name_format (string)"
msgstr "full_name_format (tekst)"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:148
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> "
"<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes "
"how to translate a (name, domain) tuple into a fully qualified name."
msgstr ""
"Een <citerefentry> <refentrytitle>printf</refentrytitle> "
"<manvolnum>3</manvolnum> </citerefentry>-compatibel formaat wat omschrijft "
"hoe een tuple (met name, domain) vertaald wordt in een full qualified name."
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:156
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Standaard: <quote>%1$s@%2$s</quote>."
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:161
msgid "try_inotify (boolean)"
msgstr "try_inotify (bool)"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:164
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
"this, and will fall back to polling resolv.conf every five seconds if "
"inotify cannot be used."
msgstr ""
"SSSD houdt de stat van resolv.conf in de gaten om te zien wanneer de interne"
" DNS-resolver bijgewerkt moet worden. Standaard wordt er geprobeerd om "
"inotify te gebruiken en er wordt teruggevallen op iedere vijf seconden "
"kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is."
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:172
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
"to 'false'"
msgstr ""
"Er zijn een aantal situaties waarin het de voorkeur heeft dat we het gebruik"
" van inotify uitschakelen. In deze zeldzame gevallen kan de optie op 'false'"
" gezet worden"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:178
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
"Standaard: true op systemen waar inotify is ondersteund. False op andere "
"systemen."
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:182
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
"Merk op: deze optie heeft geen effect op systemen waar inotify niet "
"beschikbaar is. Op deze systemen wordt altijd periodiek gekeken naar "
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
"managed by a special service frequently called <quote>monitor</quote>. The "
"<quote>[sssd]</quote> section is used to configure the monitor as well as "
"some other important options like the identity domains. <placeholder "
"type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:195
msgid "SERVICES SECTIONS"
msgstr "SERVICES SECTIE"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:197
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
"section, for example, for NSS service, the section would be "
"<quote>[nss]</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:204
msgid "General service configuration options"
msgstr "Algemene service configuratie-opties"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:206
msgid "These options can be used to configure any service."
msgstr "Deze opties kunnen gebruikt worden om services te configureren."
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:210
msgid "debug_level (integer)"
msgstr "debug_level (numeriek)"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:213
msgid ""
"Sets the debug level for the service. The value can be in range from 0 (only"
" critical messages) to 10 (very verbose)."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:218 sssd.conf.5.xml:312
msgid "Default: 0"
msgstr "Standaard: 0"
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.conf.5.xml:223 sssd.8.xml:58
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (bool)"
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:226 sssd.8.xml:61
msgid "Add a timestamp to the debug messages"
msgstr "Voeg een tijdstempel toe aan de debugberichten"
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1120 sssd-ipa.5.xml:155
msgid "Default: true"
msgstr "Standaard: true"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:247
msgid "command (string)"
msgstr "command (tekst)"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:250
msgid ""
"By default, the executable representing this service is called "
"<command>sssd_${service_name}</command>. This directive allows to change "
"the executable name for the service. In the vast majority of configurations,"
" the default values should suffice."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:258
msgid "Default: <command>sssd_${service_name}</command>"
msgstr "Standaard: <command>sssd_${service_name}</command>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:266
msgid "NSS configuration options"
msgstr "NSS configuratie-opties"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:268
msgid ""
"These options can be used to configure the Name Service Switch (NSS) "
"service."
msgstr ""
"Deze opties kunnen worden gebruikt om de Name Serice Switch (NSS) service te"
" configurere."
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:273
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (numeriek)"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:276
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
"Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie "
"over alle gebruikers)"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:280
msgid "Default: 120"
msgstr "Standaard: 120"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:285
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (numeriek)"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:288
msgid ""
"The entry cache can be set to automatically update entries in the background"
" if they are requested beyond a percentage of the entry_cache_timeout value "
"for the domain."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:294
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
"after 15 seconds past the last cache update will be returned immediately, "
"but the SSSD will go and update the cache on its own, so that future "
"requests will not need to block waiting for a cache update."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:304
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
"percentage will never reduce the nowait timeout to less than 10 seconds. (0"
" disables this feature)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:317
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (numeriek)"
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:320
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:326 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:331
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:334
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
"domain or include fully-qualified names to filter only users from the "
"particular domain."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:341
msgid "Default: root"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:346
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:349
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:360
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:362
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:367
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:370
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:381
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:384
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:394
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:397
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:402
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
"authentication can enable enable offline authentication again."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: 5"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:414
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:417
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:422
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:425
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:428
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:432
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:435
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:439
msgid "Default: 1"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:444
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:447
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
"ensure that authentication takes place with the latest information."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:453
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
"client-application basis) how long (in seconds) we can cache the identity "
"information to avoid excessive round-trips to the identity provider."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:467
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:470
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:473
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:479
msgid "Default: 7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:488
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:495
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:498
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:503
msgid ""
"For users, this affects the primary GID limit. The user will not be returned"
" to NSS if either the UID or the primary GID is outside the range. For non-"
"primary group memberships, those that are in range will be reported as "
"expected."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:510
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:516
msgid "timeout (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:519
msgid ""
"Timeout in seconds between heartbeats for this domain. This is used to "
"ensure that the backend process is alive and capable of answering requests."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:524
msgid "Default: 10"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:530
msgid "enumerate (bool)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:533
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the"
" following values:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:537
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:540
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: FALSE"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:546
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup"
" to fully complete enumerations. During this time, individual requests for "
"information will go directly to LDAP, though it may be slow, due to the "
"heavy enumeration processing."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:556
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:561
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
"enumeration lookups are completed successfully. For more information, refer"
" to the man pages for the specific id_provider in use."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:572
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:575
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:579
msgid "Default: 5400"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:584
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:587
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:596
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:599
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
"value of this parameter must be greater than or equal to "
"offline_credentials_expiration."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:606
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:612
msgid "id_provider (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:615
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:619
msgid "Supported backends:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:622
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:625
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:628
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:634
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:637
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
"<command>getent passwd test</command> wouldn't find the user while "
"<command>getent passwd test@LOCAL</command> would."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:650
msgid "auth_provider (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:653
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:657
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> for more information on configuring LDAP."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:664
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> for more information on configuring Kerberos."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:671
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:674
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:677
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:683
msgid "access_provider (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:686
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
"Internal special providers are:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:692
msgid "<quote>permit</quote> always allow access."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:695
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:698
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for more information on configuring "
"the simple access module."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:705
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:710
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:713
msgid ""
"The provider which should handle change password operations for the domain."
" Supported change password providers are:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:718
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring"
" IPA."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:726
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring"
" LDAP."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:734
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> for more information on configuring Kerberos."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:742
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:746
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:749
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:756
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:759
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:763
msgid "Supported values:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:766
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:769
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:772
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:775
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:778
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:784
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:787
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached,"
" the domain will continue to operate in offline mode."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:799
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:802
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:806
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:490
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called "
"<quote>[domain/<replaceable>NAME</replaceable>]</quote> <placeholder "
"type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:818
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:821
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:824
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:832
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:835
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:814
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:847
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:849
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
"<replaceable>id_provider=local</replaceable>."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:856
msgid "default_shell (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:859
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:863
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:868
msgid "base_directory (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:871
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable>"
" and use that as the home directory."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:876
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:881
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:884
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
msgid "Default: TRUE"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:893
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:896
msgid ""
"Indicate if a home directory should be removed by default for deleted users."
" Can be overridden on command line."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:905
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:908
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
"on a newly created home directory."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:916
msgid "Default: 077"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:921
msgid "skel_dir (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:924
msgid ""
"The skeleton directory, which contains files and directories to be copied in"
" the user's home directory, when the home directory is created by "
"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:934
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:939
msgid "mail_dir (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:942
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
"default value is used."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:949
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sssd.conf.5.xml:954
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:957
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
"return code of the command is not taken into account."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:963
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ipa.5.xml:173 sssd-krb5.5.xml:405
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd.conf.5.xml:979
#, no-wrap
msgid ""
"[sssd]\n"
"domains = LDAP\n"
"services = nss, pam\n"
"config_file_version = 2\n"
"\n"
"[nss]\n"
"filter_groups = root\n"
"filter_users = root\n"
"\n"
"[pam]\n"
"\n"
"[domain/LDAP]\n"
"id_provider = ldap\n"
"ldap_uri = ldap://ldap.example.com\n"
"ldap_search_base = dc=example,dc=com\n"
"\n"
"auth_provider = krb5\n"
"krb5_server = kerberos.example.com\n"
"krb5_realm = EXAMPLE.COM\n"
"cache_credentials = true\n"
"\n"
"min_id = 10000\n"
"max_id = 20000\n"
"enumerate = False\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:975
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
"configuring domains for more details. <placeholder type=\"programlisting\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:1010
msgid ""
"<citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
" <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
msgid "sssd-ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
"This manual page describes the configuration of LDAP domains for "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
"information."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:35
msgid "You can configure SSSD to use more than one LDAP domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:38
msgid ""
"LDAP back end supports id, auth, access and chpass providers. If you want to"
" authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
"<command>sssd</command> <emphasis>does not</emphasis> support authentication"
" over an unencrypted channel. If the LDAP server is used only as an "
"identity provider, an encrypted channel is not needed. Please refer to "
"<quote>ldap_access_filter</quote> config option for more information about "
"using LDAP as an access provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:60
msgid "ldap_uri (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:63
msgid ""
"Specifies the list of URIs of the LDAP servers to which SSSD should connect "
"in the order of preference. Refer to the <quote>FAILOVER</quote> section for"
" more information on failover and server redundancy. If not specified, "
"service discovery is enabled. For more information, refer to the "
"<quote>SERVICE DISCOVERY</quote> section."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:73
msgid "ldap_chpass_uri (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:76
msgid ""
"Specifies the list of URIs of the LDAP servers to which SSSD should connect "
"in the order of preference to change the password of a user. Refer to the "
"<quote>FAILOVER</quote> section for more information on failover and server "
"redundancy."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:83
msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:87
msgid "Default: empty, i.e. ldap_uri is used."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:93
msgid "ldap_search_base (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:96
msgid "The default base DN to use for performing LDAP user operations."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:100
msgid ""
"Default: If not set the value of the defaultNamingContext or namingContexts "
"attribute from the RootDSE of the LDAP server is used. If "
"defaultNamingContext does not exists or has an empty value namingContexts is"
" used. The namingContexts attribute must have a single value with the DN of"
" the search base of the LDAP server to make this work. Multiple values are "
"are not supported."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:114
msgid "ldap_schema (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:117
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
"may vary. The way that some attributes are handled may also differ. Three "
"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
"attribute."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:136
msgid "Default: rfc2307"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:142
msgid "ldap_default_bind_dn (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:145
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:152
msgid "ldap_default_authtok_type (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:155
msgid "The type of the authentication token of the default bind DN."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:159
msgid "The two mechanisms currently supported are:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:162
msgid "password"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:165
msgid "obfuscated_password"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:171
msgid "ldap_default_authtok (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:174
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:181
msgid "ldap_user_object_class (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:184
msgid "The object class of a user entry in LDAP."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:187
msgid "Default: posixAccount"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:193
msgid "ldap_user_name (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:196
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:200
msgid "Default: uid"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:206
msgid "ldap_user_uid_number (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:209
msgid "The LDAP attribute that corresponds to the user's id."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:213
msgid "Default: uidNumber"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:219
msgid "ldap_user_gid_number (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:222
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:226 sssd-ldap.5.xml:622
msgid "Default: gidNumber"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:232
msgid "ldap_user_gecos (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:235
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:239
msgid "Default: gecos"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:245
msgid "ldap_user_home_directory (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:248
msgid ""
"The LDAP attribute that contains the name of the user's home directory."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:252
msgid "Default: homeDirectory"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:258
msgid "ldap_user_shell (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:261
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:265
msgid "Default: loginShell"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:271
msgid "ldap_user_uuid (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:274
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: nsUniqueId"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:284
msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: modifyTimestamp"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:297
msgid "ldap_user_shadow_last_change (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:300
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> counterpart (date of the last password change)."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:310
msgid "Default: shadowLastChange"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:316
msgid "ldap_user_shadow_min (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:319
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> counterpart (minimum password age)."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:328
msgid "Default: shadowMin"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:334
msgid "ldap_user_shadow_max (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:337
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> counterpart (maximum password age)."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:346
msgid "Default: shadowMax"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:352
msgid "ldap_user_shadow_warning (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:355
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> counterpart (password warning period)."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:365
msgid "Default: shadowWarning"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:371
msgid "ldap_user_shadow_inactive (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:374
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> counterpart (password inactivity period)."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:384
msgid "Default: shadowInactive"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:390
msgid "ldap_user_shadow_expire (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:393
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this"
" parameter contains the name of an LDAP attribute corresponding to its "
"<citerefentry> <refentrytitle>shadow</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> counterpart (account expiration "
"date)."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:403
msgid "Default: shadowExpire"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:409
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:412
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of"
" an LDAP attribute storing the date and time of last password change in "
"kerberos."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:418
msgid "Default: krbLastPwdChange"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:424
msgid "ldap_user_krb_password_expiration (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:427
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of"
" an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:433
msgid "Default: krbPasswordExpiration"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:439
msgid "ldap_user_ad_account_expires (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:442
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:447
msgid "Default: accountExpires"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:453
msgid "ldap_user_ad_user_account_control (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:456
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:461
msgid "Default: userAccountControl"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:467
msgid "ldap_ns_account_lock (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:470
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:475
msgid "Default: nsAccountLock"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:481
msgid "ldap_user_principal (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:484
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:488
msgid "Default: krbPrincipalName"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:494
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:497
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to"
" fail. Set this option to a non-zero value if you want to use an upper-case "
"realm."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:266
msgid "Default: false"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:510
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:513
msgid ""
"The LDAP attribute that contains how many seconds SSSD has to wait before "
"refreshing its cache of enumerated records."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:518
msgid "Default: 300"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:524
msgid "ldap_purge_cache_timeout"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:527
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
"space."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:533
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:537
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:543
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:546
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: cn"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:556
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:559
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:563
msgid "Default: memberOf"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:569
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:572
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry"
" to determine access privilege."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:579
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:584
msgid "Default: authorizedService"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:590
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:593
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:596
msgid "Default: posixGroup"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:602
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:605
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:615
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:618
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:628
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:631
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:635
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:641
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:644
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:654
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:667
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:670
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:677
msgid "Default: 2"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:683
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:686
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:689
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:695
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:698
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:708
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:711
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:715
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:721
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:724
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:728
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:734
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:737
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:747
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:760
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:763
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
"is entered)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:769
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
"lookup types."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: 6"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:781
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:784
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results"
" are returned (and offline mode is entered)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:791
msgid "Default: 60"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:797
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:800
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> "
"</citerefentry>/<citerefentry> <refentrytitle>select</refentrytitle> "
"<manvolnum>2</manvolnum> </citerefentry> following a <citerefentry> "
"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> "
"</citerefentry> returns in case of no activity."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:823
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:826
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
"communicating with the KDC in case of SASL bind."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:838
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:841
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if"
" any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:847
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server"
" certificate."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:851
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate"
" is provided, it will be ignored and the session proceeds normally."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:858
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate"
" is provided, the session is immediately terminated."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:864
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
"immediately terminated."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:870
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:874
msgid "Default: hard"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:880
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:883
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid ""
"Default: use OpenLDAP defaults, typically in "
"<filename>/etc/openldap/ldap.conf</filename>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:895
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:898
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
"be the hash of the certificate followed by '.0'. If available, "
"<command>cacertdir_rehash</command> can be used to create the correct names."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:913
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:916
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: not set"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:926
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:929
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:938
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:941
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:954
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:957
msgid ""
"Specifies that the id_provider connection must also use <systemitem "
"class=\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:967
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:970
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:974 sssd-ldap.5.xml:1102
msgid "Default: none"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:980
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:983
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:988
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:994
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:997
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1000
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1006
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1009
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This"
" action is performed only if SASL is used and the mechanism selected is "
"GSSAPI."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1021
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1024
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1028
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1034 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1037 sssd-krb5.5.xml:77
msgid ""
"Specifies the list of IP addresses or hostnames of the Kerberos servers to "
"which SSSD should connect in the order of preference. For more information "
"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
"An optional port number (preceded by a colon) may be appended to the "
"addresses or hostnames. If empty, service discovery is enabled - for more "
"information, refer to the <quote>SERVICE DISCOVERY</quote> section."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1049 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches"
" for DNS entries that specify _udp as the protocol and falls back to _tcp if"
" none are found."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1054 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD."
" While the legacy name is recognized for the time being, users are advised "
"to migrate their config files to use <quote>krb5_server</quote> instead."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1063 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1066
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1069
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1075
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1078
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1083
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1088
msgid ""
"<emphasis>shadow</emphasis> - Use "
"<citerefentry><refentrytitle>shadow</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> style attributes to evaluate if the "
"password has expired. Note that the current version of sssd cannot update "
"this attribute during a password change."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1096
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update"
" these attributes when the password is changed."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1108
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1111
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1115
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1126
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1129
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1133
msgid "Default: ldap"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1139
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1142
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1147
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1153
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1156
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
"it will result in all users being denied access. Use access_provider = allow"
" to change this default behavior."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1166
msgid "Example:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
#: sssd-ldap.5.xml:1169
#, no-wrap
msgid ""
"access_provider = ldap\n"
"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
" "
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1173
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1178
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted"
" access during their last login, they will continue to be granted access "
"while offline and vice-versa."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1186 sssd-ldap.5.xml:1227
msgid "Default: Empty"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1192
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1195
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1199
msgid ""
"Please note that it is always recommended to use server side access control,"
" i.e. the LDAP server should deny the bind request with a suitable error "
"code even if the password is correct."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1206
msgid "The following values are allowed:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1214
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
"set. If the attribute is missing access is granted. Also the expiration time"
" of the account is checked."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1221
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, "
"<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check "
"if access is allowed or not."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1233
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1236
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1240
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1243
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1247
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute"
" to determine access"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1252
msgid "Default: filter"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1255
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1262
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1265
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1270
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1274
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1279
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1284
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1289
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:51
msgid ""
"All of the common configuration options that apply to SSSD domains also "
"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
"<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:1301
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1308
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1311
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1322
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1325
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1336
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1339
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:1303
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you"
" are doing. <placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:1359
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
"section."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-ldap.5.xml:1365
#, no-wrap
msgid ""
" [domain/LDAP]\n"
" id_provider = ldap\n"
" auth_provider = ldap\n"
" ldap_uri = ldap://ldap.mydomain.org\n"
" ldap_search_base = dc=mydomain,dc=org\n"
" ldap_tls_reqcert = demand\n"
" cache_credentials = true\n"
" enumerate = true\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:414
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:1378 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:1380
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
"distribution."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:1391
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
"</citerefentry>, <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
" <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
msgstr ""
#. type: Content of: <refentryinfo>
msgid ""
"<productname>SSSD</productname> <orgname>The SSSD upstream - "
"http://fedorahosted.org/sssd</orgname>"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: pam_sss.8.xml:13 pam_sss.8.xml:18
msgid "pam_sss"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: pam_sss.8.xml:19
msgid "PAM module for SSSD"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: pam_sss.8.xml:24
msgid ""
"<command>pam_sss.so</command> <arg choice='opt'> "
"<replaceable>forward_pass</replaceable> </arg> <arg choice='opt'> "
"<replaceable>use_first_pass</replaceable> </arg> <arg choice='opt'> "
"<replaceable>use_authtok</replaceable> </arg> <arg choice='opt'> "
"<replaceable>retry=N</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:42
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
"<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:52
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:55
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:62
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:65
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
"available or the password is not appropriate, the user will be denied "
"access."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:73
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:76
msgid ""
"When password changing enforce the module to set the new password to the one"
" provided by a previously stacked password module."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: pam_sss.8.xml:83
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:86
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: pam_sss.8.xml:88
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
"<command>sshd</command> with <option>PasswordAuthentication</option>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: pam_sss.8.xml:99
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:100
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: pam_sss.8.xml:106
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:107
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
"This message can e.g. contain instructions about how to reset a password."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:112
msgid ""
"The message is read from the file "
"<filename>pam_sss_pw_reset_message.LOC</filename> where LOC stands for a "
"locale string returned by <citerefentry> "
"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> "
"</citerefentry>. If there is no matching file the content of "
"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be"
" the owner of the files and only root may have read and write permissions "
"while all other users must have only read permisssions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:122
msgid ""
"These files are searched in the directory "
"<filename>/etc/sssd/customize/DOMAIN_NAME/</filename>. If no matching file "
"is present a generic message is displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:130
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
msgid "sssd_krb5_locator_plugin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
"used by the Kerberos provider of <citerefentry> "
"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>"
" to tell the Kerberos libraries what Realm and which KDC to use. Typically "
"this is done in <citerefentry> <refentrytitle>krb5.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> which is always read by the "
"Kerberos libraries. To simplyfy the configuration the Realm and the KDC can "
"be defined in <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> as described in <citerefentry> "
"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
"libraries it reads and evaluates these variable and returns them to the "
"libraries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"Not all Kerberos implementations support the use of plugins. If "
"<command>sssd_krb5_locator_plugin</command> is not available on your system "
"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
"debug messages will be sent to stderr."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
msgid ""
"<citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
" <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
msgid "sssd-simple"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-simple.5.xml:17
msgid "the configuration file for SSSD's 'simple' access-control provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:24
msgid ""
"This manual page describes the configuration of the simple access-control "
"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> manual page."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:38
msgid ""
"The simple access provider grants or denies access based on an access or "
"deny list of user or group names. The following rules apply:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:43
msgid "If all lists are empty, access is granted"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:47
msgid ""
"If any list is provided, the order of evaluation is allow,deny. This means "
"that any matching deny rule will supersede any matched allow rule."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:54
msgid ""
"If either or both \"allow\" lists are provided, all users are denied unless "
"they appear in the list."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:60
msgid ""
"If only \"deny\" lists are provided, all users are granted access unless "
"they appear in the list."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:78
msgid "simple_allow_users (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-simple.5.xml:81
msgid "Comma separated list of users who are allowed to log in."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:88
msgid "simple_deny_users (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-simple.5.xml:91
msgid "Comma separated list of users who are explicitly denied access."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:97
msgid "simple_allow_groups (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-simple.5.xml:100
msgid ""
"Comma separated list of groups that are allowed to log in. This applies only"
" to groups within this SSSD domain. Local groups are not evaluated."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:108
msgid "simple_deny_groups (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-simple.5.xml:111
msgid ""
"Comma separated list of groups that are explicitly denied access. This "
"applies only to groups within this SSSD domain. Local groups are not "
"evaluated."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> manual page for details on the configuration of an SSSD "
"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:120
msgid ""
"Please note that it is an configuration error if both, simple_allow_users "
"and simple_deny_users, are defined."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:128
msgid ""
"The following example assumes that SSSD is correctly configured and "
"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
"section. This examples shows only the simple access provider-specific "
"options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-simple.5.xml:135
#, no-wrap
msgid ""
" [domain/example.com]\n"
" access_provider = simple\n"
" simple_allow_users = user1, user2\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:145
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
msgid "sssd-ipa"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
"This manual page describes the configuration of the IPA provider for "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
"FORMAT</quote> section of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> manual page."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:36
msgid ""
"The IPA provider is a back end used to connect to an IPA server. (Refer to "
"the freeipa.org web site for information about IPA servers.) This provider "
"requires that the machine be joined to the IPA domain; configuration is "
"almost entirely self-discovered and obtained directly from the server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:43
msgid ""
"The IPA provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> identity provider and the <citerefentry> <refentrytitle"
">sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> "
"authentication provider. However, it is neither necessary nor recommended "
"to set these options. IPA provider can also be used as an access and chpass"
" provider. As an access provider it uses HBAC (host-based access control) "
"rules. Please refer to freeipa.org for more information about HBAC. No "
"configuration of access provider is required on the client side."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:69
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:72
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:80
msgid "ipa_server (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:83
msgid ""
"The list of IP addresses or hostnames of the IPA servers to which SSSD "
"should connect in the order of preference. For more information on failover "
"and server redundancy, see the <quote>FAILOVER</quote> section. This is "
"optional if autodiscovery is enabled. For more information on service "
"discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:96
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:99
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:107
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:110
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:121
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:124
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:129
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:135
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:138
msgid ""
"Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:142
msgid "Default: Use base DN"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:158
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:175
msgid ""
"The following example assumes that SSSD is correctly configured and "
"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
"section. This examples shows only the ipa provider-specific options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-ipa.5.xml:182
#, no-wrap
msgid ""
" [domain/example.com]\n"
" id_provider = ipa\n"
" ipa_server = ipaserver.example.com\n"
" ipa_hostname = myhost.example.com\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:193
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
"</citerefentry>, <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
" <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd.8.xml:10 sssd.8.xml:15
msgid "sssd"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd.8.xml:16
msgid "System Security Services Daemon"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sssd.8.xml:21
msgid ""
"<command>sssd</command> <arg choice='opt'> "
"<replaceable>options</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.8.xml:31
msgid ""
"<command>SSSD</command> provides a set of daemons to manage access to remote"
" directories and authentication mechanisms. It provides an NSS and PAM "
"interface toward the system and a pluggable backend system to connect to "
"multiple different account sources as well as D-Bus interface. It is also "
"the basis to provide client auditing and policy services for projects like "
"FreeIPA. It provides a more robust database to store local users as well as "
"extended user data."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:46
msgid ""
"<option>-d</option>,<option>--debug-level</option> "
"<replaceable>LEVEL</replaceable>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:51
msgid ""
"Debug level to run the daemon with. 0 is the default as well as the lowest "
"allowed value, 10 is the most verbose mode. This setting overrides the "
"settings from config file. This parameter implies <option>-i</option>."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:70
msgid "<option>-f</option>,<option>--debug-to-files</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:74
msgid ""
"Send the debug output to files instead of stderr. By default, the log files "
"are stored in <filename>/var/log/sssd</filename> and there are separate log "
"files for every SSSD service and domain."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:82
msgid "<option>-D</option>,<option>--daemon</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:86
msgid "Become a daemon after starting up."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:92
msgid "<option>-i</option>,<option>--interactive</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:96
msgid "Run in the foreground, don't become a daemon."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:102
msgid "<option>-c</option>,<option>--config</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:106
msgid ""
"Specify a non-default config file. The default is "
"<filename>/etc/sssd/sssd.conf</filename>. For reference on the config file "
"syntax and options, consult the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> manual page."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.8.xml:122
msgid "Signals"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:125
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:128
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then"
" shut down the monitor."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:134
msgid "SIGHUP"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:137
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs"
" like logrotate."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:145
msgid "SIGUSR1"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:148
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:154
msgid "SIGUSR2"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:157
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.8.xml:168
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_obfuscate.8.xml:16
msgid "obfuscate a clear text password"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_obfuscate.8.xml:21
msgid ""
"<command>sss_obfuscate</command> <arg choice='opt'> "
"<replaceable>options</replaceable> </arg> <arg "
"choice='plain'><replaceable>[PASSWORD]</replaceable></arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:32
msgid ""
"<command>sss_obfuscate</command> converts a given password into human-"
"unreadable format and places it into appropriate domain section of the SSSD "
"config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:37
msgid ""
"The cleartext password can be specified as an argument to the program, read "
"from standard input or entered interactively. The obfuscated password is "
"put into <quote>ldap_default_authtok</quote> parameter of a given SSSD "
"domain and the <quote>ldap_default_authtok_type</quote> parameter is set to "
"<quote>obfuscated_password</quote>. Refer to <citerefentry> <refentrytitle"
">sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more"
" details on these parameters."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:50
msgid ""
"Please note that obfuscating the password provides <emphasis>no real "
"security benefit</emphasis> as it is still possible for an attacker to "
"reverse-engineer the password back. Using better authentication mechanisms "
"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
"advised."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_obfuscate.8.xml:64
msgid "<option>-s</option>,<option>--stdin</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:68
msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_obfuscate.8.xml:75
msgid ""
"<option>-d</option>,<option>--domain</option> "
"<replaceable>DOMAIN</replaceable>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:80
msgid ""
"The SSSD domain to use the password in. The default name is "
"<quote>default</quote>."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_obfuscate.8.xml:87
msgid ""
"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:92
msgid "Read the config file specified by the positional parameter."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:96
msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:106
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry>"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
msgid "sss_useradd"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_useradd.8.xml:16
msgid "create a new user"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_useradd.8.xml:21
msgid ""
"<command>sss_useradd</command> <arg choice='opt'> "
"<replaceable>options</replaceable> </arg> <arg "
"choice='plain'><replaceable>LOGIN</replaceable></arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_useradd.8.xml:32
msgid ""
"<command>sss_useradd</command> creates a new user account using the values "
"specified on the command line plus the default values from the system."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:43
msgid ""
"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:48
msgid ""
"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
"not given, it is chosen automatically."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
msgid ""
"<option>-c</option>,<option>--gecos</option> "
"<replaceable>COMMENT</replaceable>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
msgid ""
"Any text string describing the user. Often used as the field for the user's "
"full name."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
msgid ""
"<option>-h</option>,<option>--home</option> "
"<replaceable>HOME_DIR</replaceable>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:72
msgid ""
"The home directory of the user account. The default is to append the "
"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
"that as the home directory. The base that is prepended before "
"<replaceable>LOGIN</replaceable> is tunable with "
"<quote>user_defaults/baseDirectory</quote> setting in sssd.conf."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
msgid ""
"<option>-s</option>,<option>--shell</option> "
"<replaceable>SHELL</replaceable>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:87
msgid ""
"The user's login shell. The default is currently "
"<filename>/bin/bash</filename>. The default can be changed with "
"<quote>user_defaults/defaultShell</quote> setting in sssd.conf."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:96
msgid ""
"<option>-G</option>,<option>--groups</option> "
"<replaceable>GROUPS</replaceable>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:101
msgid "A list of existing groups this user is also a member of."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:107
msgid "<option>-m</option>,<option>--create-home</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:111
msgid ""
"Create the user's home directory if it does not exist. The files and "
"directories contained in the skeleton directory (which can be defined with "
"the -k option or in the config file) will be copied to the home directory."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:121
msgid "<option>-M</option>,<option>--no-create-home</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:125
msgid ""
"Do not create the user's home directory. Overrides configuration settings."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:132
msgid ""
"<option>-k</option>,<option>--skel</option> "
"<replaceable>SKELDIR</replaceable>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:137
msgid ""
"The skeleton directory, which contains files and directories to be copied in"
" the user's home directory, when the home directory is created by "
"<command>sss_useradd</command>."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:143
msgid ""
"This option is only valid if the <option>-m</option> (or <option>--create-"
"home</option>) option is specified, or creation of home directories is set "
"to TRUE in the configuration."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
msgid ""
"<option>-Z</option>,<option>--selinux-user</option> "
"<replaceable>SELINUX_USER</replaceable>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:157
msgid ""
"The SELinux user for the user's login. If not specified, the system default "
"will be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_useradd.8.xml:169
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
msgid "sssd-krb5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
"This manual page describes the configuration of the Kerberos 5 "
"authentication backend for <citerefentry> "
"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. For a detailed syntax reference, please refer to the "
"<quote>FILE FORMAT</quote> section of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> manual page"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:36
msgid ""
"The Kerberos 5 authentication backend contains auth and chpass providers. It"
" must be paired with identity provider in order to function properly (for "
"example, id_provider = ldap). Some information required by the Kerberos 5 "
"authentication backend must be provided by the identity provider, such as "
"the user's Kerberos Principal Name (UPN). The configuration of the identity "
"provider should have an entry to specify the UPN. Please refer to the man "
"page for the applicable identity provider for details on how to configure "
"this."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:47
msgid ""
"This backend also provides access control based on the .k5login file in the "
"home directory of the user. See <citerefentry> "
"<refentrytitle>.k5login</refentrytitle><manvolnum>5</manvolnum> "
"</citerefentry> for more details. Please note that an empty .k5login file "
"will deny all access to this user. To activate this feature use "
"'access_provider = krb5' in your sssd configuration."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:55
msgid ""
"In the case where the UPN is not available in the identity backend "
"<command>sssd</command> will construct a UPN using the format "
"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:106
msgid ""
"The name of the Kerberos realm. This option is required and must be "
"specified."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:113
msgid "krb5_kpasswd (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:116
msgid ""
"If the change password service is not running on the KDC alternative servers"
" can be defined here. An optional port number (preceded by a colon) may be "
"appended to the addresses or hostnames."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:122
msgid ""
"For more information on failover and server redundancy, see the "
"<quote>FAILOVER</quote> section. Please note that even if there are no more"
" kpasswd servers to try the back end is not switch to offline if "
"authentication against the KDC is still possible."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:129
msgid "Default: Use the KDC"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:135
msgid "krb5_ccachedir (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
"krb5_ccname_template can be used here, too, except %d and %P. If the "
"directory does not exist it will be created. If %u, %U, %p or %h are used a "
"private directory belonging to the user is created. Otherwise a public "
"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
"</citerefentry> for details) is created."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:151
msgid "Default: /tmp"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:157
msgid "krb5_ccname_template (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:166
msgid "%u"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:167
msgid "login name"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:170
msgid "%U"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:171
msgid "login UID"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:174
msgid "%p"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:175
msgid "principal name"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:179
msgid "%r"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:180
msgid "realm name"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:183
msgid "%h"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:184
msgid "home directory"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:188
msgid "%d"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:189
msgid "value of krb5ccache_dir"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:194
msgid "%P"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:195
msgid "the process ID of the sssd client"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:200
msgid "%%"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:160
msgid ""
"Location of the user's credential cache. Currently only file based "
"credential caches are supported. In the template the following sequences are"
" substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
"way."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:209
msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:215
msgid "krb5_auth_timeout (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:218
msgid ""
"Timeout in seconds after an online authentication or change password request"
" is aborted. If possible the authentication request is continued offline."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:241
msgid "krb5_keytab (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:244
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:248
msgid "Default: /etc/krb5.keytab"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:254
msgid "krb5_store_password_if_offline (boolean)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:257
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider gets online again."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:262
msgid ""
"Please note that this feature currently only available on a Linux platform."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:272
msgid "krb5_renewable_lifetime (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:275
msgid ""
"Request a renewable ticket with a total lifetime given by an integer "
"immediately followed by one of the following delimiters:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:280 sssd-krb5.5.xml:316
msgid "<emphasis>s</emphasis> seconds"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
msgid "<emphasis>m</emphasis> minutes"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
msgid "<emphasis>h</emphasis> hours"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
msgid "<emphasis>d</emphasis> days."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:296
msgid ""
"Please note that it is not possible to mix units. If you want to set the "
"renewable lifetime to one and a half hours please use '90m' instead of "
"'1h30m'."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:302
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:308
msgid "krb5_lifetime (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:311
msgid ""
"Request ticket with a with a lifetime given by an integer immediately "
"followed by one of the following delimiters:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:332
msgid ""
"Please note that it is not possible to mix units. If you want to set the "
"lifetime to one and a half hours please use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:337
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:344
msgid "krb5_renew_interval (integer)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:347
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:352
msgid "If this option is not set or 0 the automatic renewal is disabled."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:362
msgid "krb5_use_fast (string)"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:365
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:370
msgid ""
"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
"option at all."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:374
msgid ""
"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
"continue without."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:378
msgid ""
"<emphasis>demand</emphasis> to use FAST, fail if the server does not require"
" fast."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:382
msgid "Default: not set, i.e. FAST is not used."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:385
msgid "Please note that a keytab is required to use fast."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:388
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
"and above. If sssd used used with an older version using this option is a "
"configuration error."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:65
msgid ""
"If the auth-module krb5 is used in a SSSD domain, the following options must"
" be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
"SECTIONS</quote> for details on the configuration of a SSSD domain. "
"<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:407
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
"example shows only configuration of Kerberos authentication, it does not "
"include any identity provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-krb5.5.xml:415
#, no-wrap
msgid ""
" [domain/FOO]\n"
" auth_provider = krb5\n"
" krb5_server = 192.168.1.1\n"
" krb5_realm = EXAMPLE.COM\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:426
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
"</citerefentry>, <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
" <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
msgid "sss_groupadd"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupadd.8.xml:16
msgid "create a new group"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupadd.8.xml:21
msgid ""
"<command>sss_groupadd</command> <arg choice='opt'> "
"<replaceable>options</replaceable> </arg> <arg "
"choice='plain'><replaceable>GROUP</replaceable></arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupadd.8.xml:32
msgid ""
"<command>sss_groupadd</command> creates a new group. These groups are "
"compatible with POSIX groups, with the additional feature that they can "
"contain other groups as members."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupadd.8.xml:43
msgid ""
"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupadd.8.xml:48
msgid ""
"Set the GID of the group to the value of <replaceable>GID</replaceable>. If"
" not given, it is chosen automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupadd.8.xml:60
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
msgid "sss_userdel"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_userdel.8.xml:16
msgid "delete a user account"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_userdel.8.xml:21
msgid ""
"<command>sss_userdel</command> <arg choice='opt'> "
"<replaceable>options</replaceable> </arg> <arg "
"choice='plain'><replaceable>LOGIN</replaceable></arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_userdel.8.xml:32
msgid ""
"<command>sss_userdel</command> deletes a user identified by login name "
"<replaceable>LOGIN</replaceable> from the system."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:44
msgid "<option>-r</option>,<option>--remove</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:48
msgid ""
"Files in the user's home directory will be removed along with the home "
"directory itself and the user's mail spool. Overrides the configuration."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:56
msgid "<option>-R</option>,<option>--no-remove</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:60
msgid ""
"Files in the user's home directory will NOT be removed along with the home "
"directory itself and the user's mail spool. Overrides the configuration."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:68
msgid "<option>-f</option>,<option>--force</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:72
msgid ""
"This option forces <command>sss_userdel</command> to remove the user's home "
"directory and mail spool, even if they are not owned by the specified user."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:80
msgid "<option>-k</option>,<option>--kick</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:84
msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_userdel.8.xml:95
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
msgid "sss_groupdel"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupdel.8.xml:16
msgid "delete a group"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupdel.8.xml:21
msgid ""
"<command>sss_groupdel</command> <arg choice='opt'> "
"<replaceable>options</replaceable> </arg> <arg "
"choice='plain'><replaceable>GROUP</replaceable></arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupdel.8.xml:32
msgid ""
"<command>sss_groupdel</command> deletes a group identified by its name "
"<replaceable>GROUP</replaceable> from the system."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupdel.8.xml:48
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
msgid "sss_groupshow"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupshow.8.xml:16
msgid "print properties of a group"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupshow.8.xml:21
msgid ""
"<command>sss_groupshow</command> <arg choice='opt'> "
"<replaceable>options</replaceable> </arg> <arg "
"choice='plain'><replaceable>GROUP</replaceable></arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupshow.8.xml:32
msgid ""
"<command>sss_groupshow</command> displays information about a group "
"identified by its name <replaceable>GROUP</replaceable>. The information "
"includes the group ID number, members of the group and the parent group."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupshow.8.xml:43
msgid "<option>-R</option>,<option>--recursive</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupshow.8.xml:47
msgid ""
"Also print indirect group members in a tree-like hierarchy. Note that this "
"also affects printing parent groups - without <option>R</option>, only the "
"direct parent will be printed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupshow.8.xml:60
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
msgid "sss_usermod"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_usermod.8.xml:16
msgid "modify a user account"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_usermod.8.xml:21
msgid ""
"<command>sss_usermod</command> <arg choice='opt'> "
"<replaceable>options</replaceable> </arg> <arg "
"choice='plain'><replaceable>LOGIN</replaceable></arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_usermod.8.xml:32
msgid ""
"<command>sss_usermod</command> modifies the account specified by "
"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
"on the command line."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:60
msgid "The home directory of the user account."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:71
msgid "The user's login shell."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:82
msgid ""
"Append this user to groups specified by the "
"<replaceable>GROUPS</replaceable> parameter. The "
"<replaceable>GROUPS</replaceable> parameter is a comma separated list of "
"group names."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:96
msgid ""
"Remove this user from groups specified by the "
"<replaceable>GROUPS</replaceable> parameter."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:103
msgid "<option>-l</option>,<option>--lock</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:107
msgid "Lock the user account. The user won't be able to log in."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:114
msgid "<option>-u</option>,<option>--unlock</option>"
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:118
msgid "Unlock the user account."
msgstr ""
#. type: Content of:
#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:129
msgid "The SELinux user for the user's login."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_usermod.8.xml:140
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>, <citerefentry> "
"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>."
msgstr ""
#. type: Content of: <refsect1><title>
msgid "SERVICE DISCOVERY"
msgstr ""
#. type: Content of: <refsect1><para>
msgid ""
"The service discovery feature allows back ends to automatically find the "
"appropriate servers to connect to using a special DNS query."
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
msgid "Configuration"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
msgid ""
"If no servers are specified, the back end automatically uses service "
"discovery to try to find a server. Optionally, the user may choose to use "
"both fixed server addresses and service discovery by inserting a special "
"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
"preference is maintained. This feature is useful if, for example, the user "
"prefers to use service discovery whenever possible, and fall back to a "
"specific server when no servers can be discovered using DNS."
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
msgid "The domain name"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
msgid ""
"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page for more details."
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
msgid "The protocol"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
msgid ""
"The queries usually specify _tcp as the protocol. Exceptions are documented "
"in respective option description."
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
msgid "See Also"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
msgid ""
"For more information on the service discovery mechanism, refer to RFC 2782."
msgstr ""
#. type: Content of: outside any tag (error?)
#: include/upstream.xml:1
msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
msgstr ""
#. type: Content of: <refsect1><title>
#: include/failover.xml:2
msgid "FAILOVER"
msgstr ""
#. type: Content of: <refsect1><para>
#: include/failover.xml:4
msgid ""
"The failover feature allows back ends to automatically switch to a different"
" server if the primary server fails."
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
#: include/failover.xml:8
msgid "Failover Syntax"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:10
msgid ""
"The list of servers is given as a comma-separated list; any number of spaces"
" is allowed around the comma. The servers are listed in order of preference."
" The list can contain any number of servers."
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
#: include/failover.xml:17
msgid "The Failover Mechanism"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:19
msgid ""
"The failover mechanism distinguishes between a machine and a service. The "
"back end first tries to resolve the hostname of a given machine; if this "
"resolution attempt fails, the machine is considered offline. No further "
"attempts are made to connect to this machine for any other service. If the "
"resolution attempt succeeds, the back end tries to connect to a service on "
"this machine. If the service connection attempt fails, then only this "
"particular service is considered offline and the back end automatically "
"switches over to the next service. The machine is still considered online "
"and might still be tried for another service."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:32
msgid ""
"Further connection attempts are made to machines or services marked as "
"offline after a specified period of time; this is currently hard coded to 30"
" seconds."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:37
msgid ""
"If there are no more machines to try, the back end as a whole switches to "
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
#. type: Content of: <varlistentry><term>
msgid "<option>-h</option>,<option>--help</option>"
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
msgid "Display help message and exit."
msgstr ""